top of page

DATA PROTECTION POLICY

  1. OVERVIEW

METTMANN PUBLIC COMPANY LIMITED, incorporated and existing under the Laws of the Republic of Cyprus, registered number HE 405498, with registered address at Spyrou Araouzou 67, Ulysses House, Office 202, 3036, Limassol, Cyprus  (referred to as “we”, “us”, “our”, “Mettmann” or the “Company”) is committed to protecting your privacy and handling your data in an open and transparent manner in accordance with the EU General Data Protection Regulation 2016/679 (hereinafter referred to as the “GDPR”), as amended and replaced from time to time, as well as the relevant implementing legislation L.125(I)/2018 of the Republic of Cyprus in relation to all processing activities carried out by the Company in respect of your Personal Data. The scope of this Data Protection Policy (the “Policy”) is to explain and elaborate on how we collect, use, process and store your Personal Data in the course of our business. The Personal Data that we collect, and process depend on our business relationship, engagement or service requested and agreed in each case. Please read this Policy to learn about your rights, what information we collect, how we use and protect it.

This Policy applies to our directors, shareholders, investors, current and former employees, business partners, consultants, service providers and any other third parties that the Company interacts with i.e., the “Data Subject” for the purposes of this Policy.

Personal Data means any information relating to an identified or identifiable natural person the “Data Subject”; on its own, or when taken together with other information which is likely to come into our possession. The Company in the most of the cases, is the data controller of your personal data.

This Policy applies to all Personal Data whether it is stored electronically, on paper or on other materials. This Policy shall not consider as part of your employment contract or our engagement letter or any other legal arrangements between us and can be amended by the Company at any time. You can find the last version of our Policy at the website of the Company www.mettmann.biz.

Any questions relation to this Policy or request in respect of Personal Data should be directed to the Data Protection Officer at dpo@mettmann.biz.

HOW PERSONAL DATA IS COLLECTED

Your Personal Data may be collected:

  • From you or your authorised representatives via email, telephone and our website;

  • From you or your authorised representatives and messengers in hard copies or originals;

  • From third parties, established or located within and/or outside the EEA;

  • During our contractual relationship with you;

It is your duty and responsibility to provide us with updates as to the Personal Data provided in order for such Personal Data to remain current, accurate and correct and you acknowledge that we rely on the Personal Data provided to us in carrying out our obligations, under the law and our contractual relationship with you.

We may also collect and process personal data from publicly available sources (e.g., the Department of Registrar of Companies and Official Receiver, commercial registers, the internet) which we lawfully obtain and we are permitted to process.

 

CATEGORIES OF PERSONAL DATA WHICH WE COLLECT

We will collect and use mainly the following types of Personal Data about you:

  • contact details (e.g., name, company name, job title, work and mobile telephone numbers, work and personal email and postal address);

  • information required by the Company to meet legal and regulatory requirements, in particular in respect of anti-money laundering legislation, including information on source of funds and source of wealth;

  • recruitment information such as your application form and CV, references, qualifications and membership of any professional bodies and details of any pre-employment assessments;

  • professional details (e.g., job and career history, salary, pension and benefits, educational background and professional memberships, published articles);

  • copies or details of your identification documents including passport, identification card and information in relation to your immigration status;

  • financial information (e.g., taxes, payroll, investment interests, pensions, assets, bank details, insolvency records, social insurance number, FATCA/CRS info);

  • CCTV at our sites may collect images of visitors. Cameras embedded in our offices are target to identify security matters;

  • we collect data from the visitors of our website. You can find types of information that is collected and recorded from our website and how we use it in our cookie policy;

  • any other category of Personal Data you may provide us.

Special categories of Personal Data are types of Personal Data consisting of information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, child’s data, genetic or biometric data, health information, sex life and sexual orientation, any criminal convictions and offences etc.

We typically do not collect sensitive or special categories of Personal Data about individuals. In some circumstances it is necessary for the Company to collect and/or process sensitive Personal Data (such as health conditions of our employees). Other than where such Personal Data is made public by the individual themselves, such processing would only be undertaken as necessary for the Company to exercise its rights and obligations as an employer (such as health reports as part of our payroll procedures), protect the vital interests of individuals, establish or defend legal claims or with the explicit consent of the individual(s) concerned. 

 

HOW WILL WE PROCESS YOUR PERSONAL DATA

We will use your Personal Data:

  • to enter into any business relationship;

  • to perform the contract of employment or other engagement between us;

  • as part of our due diligence procedures;

  • to monitor and protect the security (CCTV) of the premises of the Company, our staff and any other person entering the company

  • to comply with any legal, regulatory and ethical obligation e.g. the Money Laundering Law, the Investment Services Law, Tax laws, The Cyprus Stock Exchange Law.;

  • to communicate with you;

  • for the purpose of traffic analytics (collection of IP addresses);

  • to safeguard legitimate interests. We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information provided that it is not unfairly go against what is right and best for you;

  • any other purpose(s) which has been agreed by or notified to you.

We can process your Personal Data only for the purposes which are provided. We will not use your Personal Data for an unrelated purpose without notifying you about the legal basis that we need to rely on for processing it.

 

DO WE SHARE PERSONAL DATA WITH THIRD PARTIES

Hosting and storage of your data takes place in Mettmann’s offices located in Spyrou Araouzou 67, Ulysses House, 2nd floor, office 202, 3036, Limassol, Cyprus.

No third-party providers have access to your data, unless specifically required by law.  We may occasionally share Personal Data with trusted third parties, or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations or if you have given your consent. We require those recipients to keep your Personal Data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.

We may engage with several or all of the following categories of recipients:

  • Parties that support us as we provide our services (e.g., providers of telecommunication systems, mailroom support, IT system support including cloud-based software and document production services, archiving services, web-hosting, data analysis, security and storage services).

  • Professional advisers, including legal advisors, nominated advisors, auditors and insurers.

  • Governmental and regulatory agencies and other third parties including competent authorities as required by applicable law.

  • Recruitment services providers. 

 

DO WE SHARE PERSONAL DATA WITH THIRD COUNTRIES

We may send Personal Data outside the European Economic Area only if this is necessary for exercise our business operation or only upon your approval. We ensure that each recipient is required to safeguard Personal Data in accordance with our contractual obligations and data protection legislation.

 

HOW SHOULD YOU PROCESS PERSONAL DATA FOR THE COMPANY

Everyone who works for, or on behalf of, the Company or any other third party that we may share any Personal Data in part of our business relationship has responsibility for ensuring data is collected, stored and handled appropriately, in line with the GDPR and this Policy.

Minimum procedure which recipients of Personal Data shall follow:

  • You should only access Personal Data covered by this Policy only if you are authorised to do so and you should only use the data for the specified lawful purpose for which it was obtained.

  • You should not share Personal Data informally.

  • You should keep Personal Data secure and not share it with unauthorised people.

  • You should regularly review and update Personal Data which you have to deal with for work.

  • You should implement appropriate security practices (such as not to make unnecessary copies of Personal Data and keep any copies securely, to use strong passwords and encrypted methods for transferring any Personal Data, to lock your computer screens when not at your desk, to not use personal computers or other devices, to lock drawers and filing cabinets, to not take Personal Data away from Company’s premises without authorisation).

 

RIGHTS OF DATA SUBJECTS

Right to withdraw consent (Article 7 GDPR)- You have the right to withdraw your consent to the processing of your data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to access (Article 15 GDPR) -You have the right to obtain confirmation as to whether or not Personal Data concerning you are being processed and to provide more information.

Right to rectification (Article 16 GDPR) - If incorrect data are processed, you have the right to request their correction. Incomplete data must be completed taking into account the purpose of the processing.

Right to erasure (Article 17 GDPR) - If there are certain reasons for deletion, you have the right to have the Personal Data deleted. This is particularly the case if they are no longer necessary for the purpose for which they were originally collected or processed.

Right to restrict processing (Article 18 GDPR)- You have the right to limit processing under certain conditions.

Right to portability (Article 20 GDPR)- In some circumstances, where you have provided Personal Data to us, you can ask us to transmit that Personal Data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.

Right to object (Article 21 GDPR)- You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data. Data Subjects may object to direct marketing and related profiling at any time.

Automated decision (Article 22 GDPR)- You can ask us to review any decisions made about you which we made solely based on automated processing, including profiling, that produced legal effects concerning you or similarly significantly affected you.

In some circumstances in which the Data Subject chooses not to provide any Personal Data or where any of the rights set out above are exercised to limit the processing of its Personal Data we may be unable to continue our business relationship.

We have also obligation to communicate any rectification or erasure of data or restriction of processing to each recipient to whom the Personal Data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

If you would like to exercise your rights, you can email dpo@mettmann.biz. We aim to respond within 30 days from the date we receive privacy-related communications. You have the right to complain to the Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.dataprotection.gov.cy).

​

RETENTION POLICY

The Company will hold data in accordance with our Data Retention Policy (link). We will only hold data for as long as necessary for the purposes for which are collected and/or as required under any legal provision to which we are subject and/or for such other periods as can be lawfully justified in each case.

Any requests for further information in relation to our retention policy should be made directly to the Data Protection Officer.

 

CHANGE TO THIS PRIVACY NOTICE

Mettmann keeps this Policy under review in order to ensure that it is in line with any changes to the laws relating to privacy of your Personal Data. Any updates will appear on the Company’s website at www.mettmann.biz

bottom of page