Personal data processing policy

DATA PRIVACY POLICY

A.M. One Visit Solution Ltd dedicated to protecting the confidentiality and privacy of information entrusted to it and complies with Personal Data Privacy legislation (GDPR) as currently in force and Cyprus Republic Law 125/2018.

 As part of this fundamental obligation, A.M. One Visit Solution Ltd is committed to the appropriate protection and use of personal information/data (sometimes referred to as "personally identifiable information" or "PII") that it collects either online, or by the professional services it offers, or by its communications/cooperation by any third party. A.M. One Visit Solution Ltd has adopted this policy about the privacy of Personal Data (the Policy) in order to assist in establishing and maintaining an adequate level of Personal Data privacy in the collecting, processing, disclosing and cross-border transfer of Personal Data including that relating to personnel, clients and external contractors of company.

Our commitment to privacy is a natural extension of KPMG’S commitment to client confidentiality, and is based on the conviction that respecting individual privacy is not only the right thing to do, but it enhances our business and the safe navigation of our website.

We invite you to carefully read this Privacy Notice, which sets out in which context we are processing your personal data and explains your rights and our obligations when doing so.

1. What information and personal data we have about you

This information and personal data may either be directly provided by you or the legal entity for which you work for or provided by a third party (supplier, service provider, business associate etc.).

We may collect various types of personal data about you, according to the purposes for which they are collected, including:

• your identification information (e.g. name, first name, last name, ID card or passport numbers, email and/or postal address, fixed and/or mobile phone number.);

• financial information (e.g. bank account details)

• your electronic identification data where required for the purpose of the delivery of services to our firm (e.g. login, access right, passwords, employee number, IP address, online identifiers/cookies, logs, access and connection times).

2. Receiving confidential or personal information 

A.M. One Visit Solution Ltd, when receive personal or confidential information from another member firm or from a third party, it shall:

• keep personal information and data confidential and secure, and only disclose such information to that personnel who have a legitimate business reason to access such information and to the public authorities according to the applicable legislation,

• Establish additional security measures and/or disclosure restrictions at the transferring party’s written request.

Where A.M. One Visit Solution Ltd acts as a Data Controller, it shall comply with GDPR, Cyprus Republic Law 125/2018 and among others:

• apply all appropriate measures for compliance and data protection by design and default

• implement appropriate technical and organizational security measures to protect personal data.

• reporting data breaches to DPAs and the data subject.

• work with supervisory authorities.

• facilitate the exercise of data subject rights.

3. For which purpose do we use your personal data

We process your personal data for a specific purpose and only process the personal data which is necessary and relevant to achieving that purpose.

In particular, we process personal data for the following purposes always in accordance with the nature of our collaboration as well as applicable legislation and regulations:

• perform our contractual obligations towards you or to take pre-contractual steps at your request and/or consent;

• manage our suppliers and subcontractors;

• monitor activities at our facilities, including compliance with applicable policies as well as health and safety rules in place;

• manage our IT resources, including infrastructure management and business continuity;

• preserve the firm’s economic interests;

• ensure compliance and reporting (such as complying with our policies and local legal requirements, tax and deductions, managing alleged cases of misconduct or fraud, conducting audits and defending litigation);

• archiving and record-keeping;

• billing and invoicing; and

• any other purposes imposed by law and authorities.

4. How we use your personal data

According to Cyprus and EU law, we will not process your personal data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal data if we have a basis or “ground” under the law to do so, such as:

• Performance of a contract: this is when the processing of your personal data is necessary to perform our obligations under a contract;

• Legal obligation: this is when we are required to process your personal data to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;

• Legitimate interests: we will process your personal data where it is in our legitimate interest, so long as it doesn’t outweigh your interests and freedoms;

• Vital interests: the processing is necessary to protect the vital interests of the relevant individual or of another natural person;

• Public Interest: the processing is necessary for the performance of a task carried out in the public interest; or

• Your consent: in some cases, and in addition to your contract, we will ask you for specific permission to process some of your personal information, and we will only process your personal data in this way if you agree for us to do so. You may withdraw your consent at any time by contacting us at info@one-visit.com

5. Who has access to your personal data and to whom are they transferred?

A.M. One Visit Solution Ltd do not share personal data with unaffiliated third parties, except as necessary for their legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards.

A.M. One Visit Solution Ltd work with reputable partners, service providers or agencies so they can process your personal data on our behalf. We will only transfer personal data to them when they meet our strict standards on the processing of data and security. We ensure that the external services providers that have access to or use confidential information are bound by contractual obligations to maintain the confidentiality and security of the information. 

A.M. One Visit Solution Ltd includes a confidentiality clause in the General terms of Business, and confidentiality or non-disclosure agreements may be signed at times with third parties, (i.e. external service providers that have access to confidential information).

6. Protection of your personal data

We have implemented appropriate organizational and technical measures to provide a high level of privacy and security to your personal data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and other illegal forms of processing.

A.M. One Visit Solution Ltd incorporates the protection of personal data as an integral part of its business operations by design and by default, so as to protect the rights of data subjects, such as user management policy, distinct roles and responsibilities, backups, physical security measures, policy of destruction of personal data etc.

7. Retention of and access to personal data 

To the extent not prohibited by applicable laws or regulations, A.M. One Visit Solution Ltd:

• retains personal data for 3 years at least, and in any case as long as and until the purpose of collection the data is achieved, subject to any requirements to retain information otherwise, in order to comply with any applicable law, regulation, professional requirements or standards,

• maintains a process in place to determine and track the types and location of personal data it hold about you,

• enables you to have access to your personal data that is maintained by KPMG, and allows you  to review and correct any errors with respect to your personal information as required by applicable laws and regulations.

8. Your privacy rights 

The rights to protect your data, as listed in the legislative framework of the GDPR, are as follows:

 •Right of access to data: You have the right to request to have the right to access your personal data, in accordance with Article 15 of GDPR. With the request for access you can be informed about the purposes of the processing, the relevant categories of personal data, the recipients to whom the data have been or will be communicated, the period for which they will be stored.the right of access to data, the rectification the erasure / right to be forgotten, the restriction of processing of personal data, the objection to processing of personal data, the data portability, the right to withdraw consent at any time (where processing is based on consent) and the right to lodge a complaint with a supervisory authority. 

• Right to rectification: You have the right to demand the correction of inaccurate data as well as the completion of incomplete data concerning you, in accordance with Article 16 of GDPR.

• Right to restriction of processing: You are entitled to request the restriction of the processing of your personal data, under the conditions of Article 18 of GDPR.

• Right to object to processing: You have the right to object to the processing of your data at any time and for reasons related to your particular situation, to the processing of personal data concerning you, when this is based on Article 6(1)(e) or (f) of GDPR. 

• Right to be forgotten: When you no longer wish to process and retain your personal data, you have the right to request their deletion, provided that the data are not kept for a specific legitimate and stated purpose, in accordance with Article 17 of GDPR

• Right to data portability: You are entitled to receive or request the transfer of your data, in a machine-readable form, from us to another controller, if you wish, in accordance with Article 20 of GDPR.

For any complaint you may use our Complaint Form (PDF 172 KB) and you may contact us at info@one-visit.com

Finally, you always have the right to lodge a complaint with Office of the Commissioner for Personal Data Protection. 

[www. dataprotection.gov.cy, Call Center: 22 818 456, Fax: 22 30 45 65, Ηλεκτρονικό Ταχυδρομείο: commissioner@dataprotection.gov.cy]