Privacy Policy

Products » Privacy Policy

Privacy Policy

1. Introduction

Your personal data is important and we take an extra care on how we handle all personal data. This Privacy Policy will help you understand what personal data we collect, why we collect it, how do we handle it and store it and what we do with it. TMH remains to be committed to respecting privacy when dealing with personal information collected by and in accordance with the EU General Data Protection Regulation 2016 (the “GDPR”).

This Privacy Policy applies to the Company TMH (East Med) Ltd (hereafter “TMH”) which has a registered office at the following address:  Thevra Court, Flat 201Avgoustou Picard 1, Neapoli, 3101, Limassol, Cyprus (company registration no.HE193796).

This Privacy Policy applies to information TMH collects about individuals who deal, trade, interact, contract, apply for a job or otherwise (as the case may be) with TMH worldwide, including third countries. TMH collects and uses the following information:

We collect Personal Data and keep them in electronic or hardcopy records and we use combination technical and organisational measures to ensure that your Personal Data is kept confidential and secure.

In particular, we collect the following types of Personal Data relevant to you and provided by you  (“Personal Data”):

  • Basic Identification Data: such as name/surname/email/email content / contact address /phone number/ Business contact details
  • Customer complaint content
  • Payment details
  • Email and, such as position, department, offices address, phone numbers, e-mail and other emergency contact details (as long as they are provided by you) such as family members’ names or other person’s and contact details (address, phone number).
  • CV’s details such as application forms and references, education, working experience, diplomas, specialization, photo and correspondence with or about you during your recruitment.
  • Your email and basic contact details required for newsletters and promotion based on your consent, which will be obtained through this privacy policy and where you will have a simple and clear option to opt-out and to easily withdraw your consent and unsubscribe.
  • Information available in customer inquiries, quotations, orders, invoices.

2. Purposes for collection and processing

We will only use your personal data for the purposes for which we collected it.

Where deemed necessary, we may need to use your personal data for other purposes, which are compatible with the original purpose, and you will be informed about that.

We use your Personal Data for the following purposes:

  1. Executing day-to day job tasks( ordering, purchasing, shipping, logistics, contracting with vendors, e-meetings)
  2. Managing customer complains in relation to our company services
  3. Complying with regulatory requirements
  4. Recruitment purposes
  5. Protection of the company legal interests and mainly the protection of individuals and property
  6. To serve TMH legitimate interests, to the extent that such interests are not overridden by the interests or fundamental rights and freedoms of data subjects.
  7. Promotion and marketing of the company, based on your consent

The collection of your Personal Data is required for purposes of execution and performance under the contract we have with you or based on your request for our services, since the Company, as the Data Controller needs to maintain and process information about you to run its business relationship effectively, lawfully and appropriately, during the usual course of business. The processing of your Personal Data does not include automated decision – making or profiling, as referred to in article 22 (1) and (4) of the GDPR.

Responsibilities under this policy

  • All employees handling personal data ensure that the data are handled and processed according to data protection requirements and according to relevant data protection management system.
  • The only personnel allowed to access data covered by these guidelines are those who need it for work purposes.
  • The Company provides training to all employees to raise awareness and understanding about their responsibilities when handling data.
  • Employees must keep all data secured, by taking sensible precautions and following the guidelines below.
  • Employees must not store their personal data which are not work related to their work PCs and storage devices
  • Passwords must be used and must be shared with co-workers or any third party.
  • Personal Data must not be disclosed to unauthorized individuals, either within or outside the company
  • Personal Data must be regularly reviewed and updated and if not valid must be deleted
  • Employees work e-mail may be accessed upon their absence strictly due to the legal interest of the employer and for the business continuity purposes.
  • Former Employees e-mails may be accessed by the employer strictly due to the legal interest of the employer and for the business continuity purposes.

3. Company’s Principles

The following principles have been adopted by the company in order to collect, use, retain, transfer, disclose and destroy personal data:

4. Fair and Lawful Processing

TMH processes Personal Data in accordance with data subject rights, which means lawfully, fairly and in a transparent manners.

TMH  informs Data Subjects through various documents and mainly through this privacy policy  about what processing will be carried out (transparency),  ensures the processing matches the description given to the Data Subject (fairness), and requires the processing to be for one of the purposes specified in the applicable GDPR regulation (lawfulness).

5. Data Limitation & Minimization

TMH ensures that any Personal Data it processes is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. Individuals may ask TMH to correct inaccurate Personal Data relating to them. If employees believe that Personal Data are inaccurate then they record the fact that the accuracy of the information is disputed and inform the general manager accordingly.

TMH ensures that Personal Data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. TMH does not store any Personal Data beyond what is strictly required.

6. Data Security

TMH takes appropriate security and organizational measures to prevent the personal data for being accidentally or deliberately compromised. 

The following general principles apply:

  • When working with Personal Data, employees ensure the screens of their computers are always locked when left unattended.
  • Personal data are not to be shared informally.
  • Data, if necessary, will be password protected before being transferred electronically.
  • Personal data are transferred outside EU according to the data transfer procedure

7. Data Storage

  • Personal Data relating to TMH are stored only on approved and secure devices.
  • In cases where data are stored on a hard copy, they are kept in a physically secured place where Unauthorised personnel does not have an access.
  • Printed data are securely shredded when they are no longer needed.
  • Data stored on a computer are protected by strong passwords that are changed regularly according to IT experts advise and guidelines
  • Data stored on external devices are removed securely when they are not being used.
  • Data are regularly backed up
  • All servers containing Personal Data are properly protected by security tools.

8. Data Accuracy

  • TMH is working towards keeping the data accurate and up to date.
  • Data subjects may inform the relevant departments about their data change or request to review data via ‘’data subject request form’’ and advise on any changes that may have occurred.
  • Data are updated if any changes or inaccuracies have been identified; for instance, if a data subject has changed their stored telephone number, it is being removed from database.

9. Data Collection

Data Sources: Personal Data are collected from a data subject if one of the following conditions applies:

  • The nature of the business purpose necessitates collection of the Personal Data.
  • The collection is carried out under emergency circumstances in order to protect the vital interests of the data subject or to prevent serious loss or injury to another person.
  • Where it has been determined that notification to a data subject is required, privacy notice is given promptly or a consent has been obtained.

10. Data Subject Consent

In certain cases, and as an exception to the rule of processing personal data only to the extent necessary, TMH may collect Personal Data based on the Data Subject’s consent. Any request from TMH for a consent will be made to the data subject in clear and understandable manner, with respect to a specific processing of personal data for one or more specific purposes. Data Subject holds the right to revoke a consent at any time.

The responsible GDPR implementation team in cooperation with the external IT advisors establishes a system for attaining and documenting data subject consent for the collection, processing, and/or transferring of their Personal Data. TMH maintains relevant Consent procedure as guidelines on the details of when the consent

11. Conditions for Processing

TMH do not process Personal Data unless it has identified a lawful basis for the processing, i.e. provided that at least one of the following requirements is met:

  • the Data Subject has given consent for one or more specific purposes;
  • processing is necessary for the performance of a contract
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the Data Subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is a minor.

TMH provide documented information to individuals in order to provide specific information to them on ‘how the company uses their data’. The privacy notice is supplied to the individual at the time they provide the company with their Personal Data. 

11.1 Special categories of data

TMH does not process special categories of data such as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

11.2 Data Protection

TMH adopts physical, technical, and organizational measures to ensure the security of Personal Data. This includes, unauthorised modification, the prevention of loss or damage, access or processing, and other risks to which it is by human action or the physical or natural environment.

The minimum set of security measures which has been adopted by TMH is provided in the company Data Protection Management System, for employees to follow on a daily basis.

12. Data Subject Requests Procedure – Protect Individual Rights

Data Subjects have access rights to their personal information irrespective of when the record was created. To exercise this right, an individual makes a written request.

Below listed are the data subject rights to which TMH will adhere to if,  and when required:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure(where applicable)
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

13. Data Subject Requests

All individuals who’s Personal Data are held by the Company, are entitled to:

  • Be informed about their personal data kept by our company and why.
  • Make inquiries on how to gain access to it.
  • Be informed how to keep it up to date.
  • Be informed how the Company is meeting its data protection obligations.

TMH will be examining and providing an appropriate response within 30 days of the receipt of the written request from the Data Subject.

14. Request for Data Correction

Data Subjects shall have the right to require TMH to correct or supplement incorrect, misleading, outdated, or incomplete Personal Data. Once identification of the requestor has been confirmed, data on the individual is to be updated. TMH Ltd confirms that an update has occurred according to the information provided. The request is recorded in the data subject request log.

15. Request for Erasure

A Data Subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must comply with the request. Note, that exemption may apply and we may not always be able to comply with your request related to the erasure due to specific legal reasons which will be notified to you, if applicable, at the time of your request.

16. Right to Object to Processing

The data subject has the right to object at any time to processing of Personal Data under the following circumstances:

  • Personal Data is processed for direct marketing purposes
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to the controller
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party

17. Request for Data Transfer

Data Subject has the right to receive a copy of their data in a structured format. These requests will be processed within 30 days, subject to the amount of information required. A Data Subject may also request that their data is transferred directly to another system. In this case, the transfer of the data is done free.

If TMH cannot respond fully to the request within 30 days, company will provide reasons and communicate these to data subject.

We will not charge you for data transfer. However, if evaluated that your request is clearly unsupported, repetitive or excessive, we may charge a reasonable fee.

18. International Data Transfers & Transfers to Third Parties

At any transfer of Personal Data which are undergoing processing or are intended for processing after transfer outside of the EU, TMH  ensure these data are being processed under legitimate basis or under Data Subject’s consent and as per Data Transfer Procedure.

Where third party processing takes place, TMH identifies if third party is Data Controller or a Data Processor and enters into appropriate agreements.

We do not share the information we collect about you with any 3rd parties. However, we may share this information with law enforcement agencies, Government and regulatory bodies to meet legal and regulatory obligations.

NOTE: European Commission has confirmed a suitable level of data protection on the basis of an adequacy decision for certain non-EU countries and these are: Andorra, Argentina, Canada (only commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay. Data transfer to these countries is expressly permitted.

Adequacy talks are ongoing with South Korea.

19. Reporting Breaches

Any employee who suspects that a Personal Data breach has occurred due to the theft or exposure of Personal Data must immediately notify the company GDPR team providing a description of what occurred. Refer to “Data Breach Notification Procedure” for further guidance.

20. Collection of Evidence & Prohibited Activities

In order to establish compliance with the EU General Data Protection Regulation (GDPR), TMH creates and maintains a wide range of documentation. GDPR Training

21. Data Retention

We will only keep your personal data for as long as they are required to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Details of retention periods for different aspects of your personal data are available in our Retention Guidelines, which can be provided to you at any time upon request.

22. Policy Review & revisions

We regularly review our privacy notice. This version was last updated on 23.03.2023.

All revisions as stated in the documents control table at the start of this policy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed on any changes of your personal data changes during your relationship with us.

The management team ensures that all employees responsible for the processing of Personal Data are aware of and comply with the contents of this Privacy Policy. All inquiries about this Privacy Policy are directed to the GDPR team via mail@tmh-eastmed.com