Your personal data is important and we take an extra care on how we handle all personal data. This Privacy Policy will help you understand what personal data we collect, why we collect it, how do we handle it and store it and what we do with it. TMH remains to be committed to respecting privacy when dealing with personal information collected by and in accordance with the EU General Data Protection Regulation 2016 (the “GDPR”).
This Privacy Policy applies to the Company TMH (East Med) Ltd (hereafter “TMH”) which has a registered office at the following address: Thevra Court, Flat 201Avgoustou Picard 1, Neapoli, 3101, Limassol, Cyprus (company registration no.HE193796).
This Privacy Policy applies to information TMH collects about individuals who deal, trade, interact, contract, apply for a job or otherwise (as the case may be) with TMH worldwide, including third countries. TMH collects and uses the following information:
We collect Personal Data and keep them in electronic or hardcopy records and we use combination technical and organisational measures to ensure that your Personal Data is kept confidential and secure.
In particular, we collect the following types of Personal Data relevant to you and provided by you (“Personal Data”):
We will only use your personal data for the purposes for which we collected it.
Where deemed necessary, we may need to use your personal data for other purposes, which are compatible with the original purpose, and you will be informed about that.
We use your Personal Data for the following purposes:
The collection of your Personal Data is required for purposes of execution and performance under the contract we have with you or based on your request for our services, since the Company, as the Data Controller needs to maintain and process information about you to run its business relationship effectively, lawfully and appropriately, during the usual course of business. The processing of your Personal Data does not include automated decision – making or profiling, as referred to in article 22 (1) and (4) of the GDPR.
The following principles have been adopted by the company in order to collect, use, retain, transfer, disclose and destroy personal data:
TMH processes Personal Data in accordance with data subject rights, which means lawfully, fairly and in a transparent manners.
TMH informs Data Subjects through various documents and mainly through this privacy policy about what processing will be carried out (transparency), ensures the processing matches the description given to the Data Subject (fairness), and requires the processing to be for one of the purposes specified in the applicable GDPR regulation (lawfulness).
TMH ensures that any Personal Data it processes is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. Individuals may ask TMH to correct inaccurate Personal Data relating to them. If employees believe that Personal Data are inaccurate then they record the fact that the accuracy of the information is disputed and inform the general manager accordingly.
TMH ensures that Personal Data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. TMH does not store any Personal Data beyond what is strictly required.
TMH takes appropriate security and organizational measures to prevent the personal data for being accidentally or deliberately compromised.
The following general principles apply:
Data Sources: Personal Data are collected from a data subject if one of the following conditions applies:
In certain cases, and as an exception to the rule of processing personal data only to the extent necessary, TMH may collect Personal Data based on the Data Subject’s consent. Any request from TMH for a consent will be made to the data subject in clear and understandable manner, with respect to a specific processing of personal data for one or more specific purposes. Data Subject holds the right to revoke a consent at any time.
The responsible GDPR implementation team in cooperation with the external IT advisors establishes a system for attaining and documenting data subject consent for the collection, processing, and/or transferring of their Personal Data. TMH maintains relevant Consent procedure as guidelines on the details of when the consent
TMH do not process Personal Data unless it has identified a lawful basis for the processing, i.e. provided that at least one of the following requirements is met:
TMH provide documented information to individuals in order to provide specific information to them on ‘how the company uses their data’. The privacy notice is supplied to the individual at the time they provide the company with their Personal Data.
TMH does not process special categories of data such as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
TMH adopts physical, technical, and organizational measures to ensure the security of Personal Data. This includes, unauthorised modification, the prevention of loss or damage, access or processing, and other risks to which it is by human action or the physical or natural environment.
The minimum set of security measures which has been adopted by TMH is provided in the company Data Protection Management System, for employees to follow on a daily basis.
Data Subjects have access rights to their personal information irrespective of when the record was created. To exercise this right, an individual makes a written request.
Below listed are the data subject rights to which TMH will adhere to if, and when required:
All individuals who’s Personal Data are held by the Company, are entitled to:
TMH will be examining and providing an appropriate response within 30 days of the receipt of the written request from the Data Subject.
Data Subjects shall have the right to require TMH to correct or supplement incorrect, misleading, outdated, or incomplete Personal Data. Once identification of the requestor has been confirmed, data on the individual is to be updated. TMH Ltd confirms that an update has occurred according to the information provided. The request is recorded in the data subject request log.
A Data Subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must comply with the request. Note, that exemption may apply and we may not always be able to comply with your request related to the erasure due to specific legal reasons which will be notified to you, if applicable, at the time of your request.
The data subject has the right to object at any time to processing of Personal Data under the following circumstances:
Data Subject has the right to receive a copy of their data in a structured format. These requests will be processed within 30 days, subject to the amount of information required. A Data Subject may also request that their data is transferred directly to another system. In this case, the transfer of the data is done free.
If TMH cannot respond fully to the request within 30 days, company will provide reasons and communicate these to data subject.
We will not charge you for data transfer. However, if evaluated that your request is clearly unsupported, repetitive or excessive, we may charge a reasonable fee.
At any transfer of Personal Data which are undergoing processing or are intended for processing after transfer outside of the EU, TMH ensure these data are being processed under legitimate basis or under Data Subject’s consent and as per Data Transfer Procedure.
Where third party processing takes place, TMH identifies if third party is Data Controller or a Data Processor and enters into appropriate agreements.
We do not share the information we collect about you with any 3rd parties. However, we may share this information with law enforcement agencies, Government and regulatory bodies to meet legal and regulatory obligations.
NOTE: European Commission has confirmed a suitable level of data protection on the basis of an adequacy decision for certain non-EU countries and these are: Andorra, Argentina, Canada (only commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay. Data transfer to these countries is expressly permitted.
Adequacy talks are ongoing with South Korea.
Any employee who suspects that a Personal Data breach has occurred due to the theft or exposure of Personal Data must immediately notify the company GDPR team providing a description of what occurred. Refer to “Data Breach Notification Procedure” for further guidance.
We will only keep your personal data for as long as they are required to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Details of retention periods for different aspects of your personal data are available in our Retention Guidelines, which can be provided to you at any time upon request.
We regularly review our privacy notice. This version was last updated on 23.03.2023.
All revisions as stated in the documents control table at the start of this policy.
It is important that the personal data we hold about you is accurate and current. Please keep us informed on any changes of your personal data changes during your relationship with us.
The management team ensures that all employees responsible for the processing of Personal Data are aware of and comply with the contents of this Privacy Policy. All inquiries about this Privacy Policy are directed to the GDPR team via mail@tmh-eastmed.com