Privacy Policy
Cedar Rose Int. Services Limited. (“the Company" or “Company” or “we” or “us”) knows that you care about how your personal data is used and shared, and the Company considers the protection and security of your personal data as a serious matter. The Company is a business intelligence agency providing data, reports and services to clients all over the world and supports these clients in mitigating their risks by offering services considered in the public best interest and for the prevention of crime.
This Privacy Policy is intended to inform our customers, partners, suppliers, and website users about the personal data collected and processed by the Company, for the purposes of processing. Also, this Privacy Policy aims to provide information to the data subjects regarding their rights, as required under the General Data Protection Regulation 2016/679 and as may be amended from time to time (“GDPR”) and in accordance with the applicable national and European legislation on personal data protection.
Please read the following to learn more about our Privacy Policy.
1. Definitions
The following definitions are provided for the convenience of the user and are derived from the text of the GDPR on the processing of personal data:
“personal data”: is any information relating to an identified or identifiable natural person (‘data subject’ ); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
“ processing ”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
“ controller ”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data·
“ processor ”: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
2. What personal data does the Company collect and for which purposes?
We only collect absolutely necessary data, which is appropriate and clear for the purpose for which it is intended. The Company collects personal data in the following cases:
2.1 For registration and login on the CRiS Intelligence Platform
To register to CRiS Intelligence Platform, you must contact us by following the link displayed on the CRiS Intelligence Platform web page. For the data we process via the “Contact Us” field please refer to paragraph 2.3.1 of the Privacy Policy. Following your communication with us, if you wish to register to the CRiS Intelligence Platform (i.e. account creation) we will ask you to provide us with an email address. Once your registration to CRiS Intelligence Platform is complete, you will need to enter your email address and password to login in your account.
It is important that the personal data we hold is accurate and complete. You can modify your information if your personal data changes during your collaboration with us by contacting your Account Manager.
Finally, during your registration process with the Company you will be asked if you wish to receive email from us. You can indicate your preference at that stage, and you can change your preference at any time by contacting your Account Manager.
2.2 Information collected through cookies
We also receive information collected from the use of cookies in your browser. Cookies are alphanumeric identifiers that are transferred from our system to your computer’s hard drive through your browser to enable our systems to recognise your browser and tell us how and when pages on our website are visited and by how many people. We use cookies to enhance visitors’ experiences, learn more about their use of the services and improve quality.
Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways.
For more information about cookies and how you can set or alter your consent preferences upon cookies please refer to the Company's Cookies Policy which is available on our website.
2.3 Contact Us Form, Newsletter Subscription, Live Chat, Book a Meeting and Careers Page options.
In Cedar Rose, we place a high priority on ensuring efficient and effective communication with you. To cater to your diverse needs and preferences, we provide a variety of communication methods. This way, you can select the option from the ones mentioned below and displayed on our website that best fits your unique requirements and circumstances.
2.3.1 Contact Us Form
If you wish to communicate with us, you can do so by the “Contact Us” section on our website. By selecting the “Contact Us” option on our website you can complete your information and send us your communication request. The data we receive from you that are mandatory to proceed with the communication request are the following:
- First Name
- Last Name
- Company Email Address
- Telephone Number
- Company Name
- Which solution you are interested in (by selecting one of the given options)
- Industry
- Message
We also ask for the following information that, is not mandatory and you do not have to provide us with to proceed with the communication request. The following information is asked to better understand your request and have more detailed insight into you and your organisation. Specifically, we ask for the following non mandatory information:
- Job Title
- Country
2.3.2 Newsletter Subscription
If you wish to subscribe to our newsletter and receive news about the industry or our services, you can do so via the relevant “Subscribe” section on our website. You must enter your first name, last name and email address and click the “Subscribe” button on our website.
Please note that if you no longer wish to receive emails from us, you can unsubscribe from our newsletter at any time by choosing the unsubscribe button you can find at the end of every email communication you receive from us.
We often receive a confirmation when you open an email from the Company if your computer supports this type of program. The Company uses this confirmation to help us make emails more interesting and helpful.
2.3.3 Live Chat
On our website you can find a Live Chat option on the bottom right of the page. In case you choose this communication method you must provide us with the following information:
- Name
- Company Name
In addition to the above you can also send us your question in detail, by writing it down to the relevant section of the “Chat With Us” option.
2.4 Book a Meeting
If you wish to Book a Meeting with us, you can easily schedule one via the relevant section of our website by providing us with the following mandatory information:
- First and Last Name
- Email Address
- Phone Number
- Job Title
- Company Name
- Any additional personal Information you add in the notes section
2.5 Careers Page
If you wish to work with us, you can find the Careers page on our website to search for job vacancies that are available at the time. If you wish to apply to any of the positions available, we ask you to provide us with the following:
- Email Address
- Your CV
Please kindly note that it is important that the personal data we hold about you is accurate and complete. Please keep us informed if your personal data changes during your collaboration with us.
3. Legal Basis of the Processing
- The Company in accordance with article 6 of the GDPR, processes your personal data as described above by virtue of one of the following legal bases:
- your consent to the processing of your data for one or more specific purposes (Art. 6 par. 1 (a) GDPR).
- a contract and/or agreement you have entered into with the Company to serve the purposes of that contract/agreement (Art. 6 para. 1 (b) GDPR).
- safeguarding Company's legitimate interests (Article 6 par. 1 (b) of the GDPR).
- the purposes of complying with its legal obligations (e.g., in case of compliance with warrants issued by courts or public authorities, etc.) (Art. 6 par. 1 (c) GDPR).
4. Will the Company share any of the personal datait receives?
Respecting our user's personal data and privacy is an integral part of our business. Please keep in mind that access to your data has the absolutely necessary staff of the Company, which is committed maintaining confidentiality, any member of our group, which means our ultimate holding company and its subsidiaries and our cooperating companies or third-party service providers, which process your data either as Independent Controllers or as Joint Controllers or as Processors on our behalf and in accordance with our orders and in any case strictly for the aforementioned purposes. We may also disclose your personal information if we are required by law to do so, for law enforcement purposes.
Business Transfers and Bankruptcy: In case the Company, or substantially all its assets is acquired, or in the unlikely event that the Company goes out of business or enters bankruptcy, customer information would be one of the assets that is transferred or acquired by a third party.
Transfer of Data outside the EEA: There may be occasions where your data is transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by our staff or contractors working outside the EEA. Such staff or contractors may be engaged in the fulfilment of the services we provide and for the processing of payment details. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Policy. We will ensure that relevant safeguards are in place if transferring your personal data in accordance with the provisions of Articles 44-49 of Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).
Protection of Company and Others: We may disclose personal data when we are obligated to do so in order to comply with a legal obligation imposed by the law, a court decision etc.; or protect the rights, property, or safety of the Company, our employees, our users. This disclose, includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
With Your Consent: Except as set forth above, you will be notified when your personal data may be shared with third parties and will be able to prevent the sharing of this information.
5. Is my personal data secure?
The Company endeavors to protect your data and to ensure that your data is kept private. We have strict policies in place (e.g. Security Policy, Retention Policy, Data Breach Policy etc.) in order to prevent unauthorised entry or use, hardware or software failure, and other factors, that may compromise the security of user information at any time. In addition, the Company is ISO/IEC 27001:2013 certified and applies the following Information Security Policy.
The website contains links to and interactions with other sites and services. The Company is not responsible for the privacy policies and/or practices of other sites and services which are not owned or managed by the Company. This Privacy Policy addresses only the use and disclosure of personal data we collect and hold about you.
If you disclose your data to others, different rules may apply to their use or disclosure of the data you disclose to them. The Company does not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable.
6. How long does the Company retain personal data?
We will only retain personal data for as long as it is necessary to fulfil the purposes we have collected it for. More specifically:
- Personal data collected for marketing purposes will be retained for as long as you remain subscribed to our mailing lists or until the time when you inform us that you no longer wish to receive marketing from us.
- Personal data collected for communication purposes are retained by the Company until we assess your business needs and determine if our Company can provide business services to you. In addition, if you agree to receive marketing communications from us at the time of submitting your contact details, your personal details will be retained until you unsubscribe from our marketing mailing list.
- Personal data collected for account management purposes will be retained for as long as we have a relationship with your organisation. If the Company, no longer has a relationship with your organisation then we will only keep the relevant information such as invoices for audit purposes 6 years after the relationship with the Company has ended.
- Personal data collected via the Careers Page will be retained for six (6) months after their submission. We may retain the data you provided us with for an additional period of six (6) months to consider your application for future career opportunities that may arise, given that you have provided us your consent to do so.
- Personal data collected for the registration on the CRiS Intelligence Platform are retained for as long as you remain registered.
7. What rights do I have?
The Company facilitates the management of your personal data and the exercise of your rights in accordance with the applicable national and European legislation and subject to any restrictions that are imposed by GDPR and any applicable national and European legislation. In particular, your rights are the following:
- “Right to Access”: You have the right to be informed by our Company whether we process and maintain your personal data. In case the answer you receive is affirmative, you may request to provide you the personal data we hold for you, or we process.
- “Right to Rectification” or “Right to Rectify”: We will rectify any personal data you provide to us so our data is kept up to date.
- “Right to Erase” or “Right to be Forgotten”: You have the right to ask the erasure of your data so at any point you may ask to delete the personal data we hold for you.
- “Right to Object”: You can object to the processing of your data and request its termination. Your request may be refused by the controller in the event that there are demonstrable legitimate grounds for processing that override your right to object.
- “Right for Data Portability”: You may request to receive your data in a readable format or transfer your data to another controller in case this is feasible.
- “Right to Restrict”: Where the cases of Article 18 of GDPR apply, you can request the restriction of processing.
To request any of the above from the Company you need to send your request in writing to the Company’s Data Protection Officer (“DPO) by email to dpo@cedar-rose.com or by post to the following address requesting a Data Subject Access Request DSAR form with a letter which is known as Data Subject Access Request or DSAR, stating the title of your request (i.e. “Right to Rectification”). Please note that in accordance with Art. 16 par. 7 of GDPR, we may request the provision of additional information concerning you, to the extent necessary to confirm your identity (e.g. a copy of your ID card or passport, proof of address such as a copy of recent and no older than 3 months utility bill or official letter from a government department showing your name, date of birth or ID number). We will try to comply with your request within one month of receipt of your request.
In addition, regarding the cases when the processing of your personal data is based on consent, we would like to let you know that you can freely at any time withdraw your consent by contacting us at the abovementioned contact details. The withdrawal of your consent does not affect the lawfulness of the processing that has already been carried out based upon the legal basis of consent prior its withdrawal.
Finally, you have the right to lodge a complaint if you are a European Citizen, you may complain at any time to the Commissioner for personal data protection in Cyprus where the Company is incorporated at the following details: Postal address: P.O. Box 23378, 1682 Nicosia, Office address: Kypranoros 15 P.C. 1061, Nicosia, tel. +357 22818456, e-mail address commissionerdataprotection.gov.cy ).
8. Links to other websites
If you follow a link from our website to another website that is not owned by and not related to our website, then this Policy does not further apply, as the corresponding policies of the website you are visiting will apply. We encourage you to read these Policies, as we are not responsible for how cookies work and how the website operates since it is not associated with us.
9. Protection of Minors
The Company is committed to protecting the privacy of children. Our website does not address or knowingly collect information from children under the age of 18. In the event that we determine that we have collected personal information from a child without verified parental consent, we will delete that information as soon as possible.
If you have reason to believe that we hold personal data of a person under the age of 18 in our databases, please contact us and we will delete that personal data as soon as possible.
10. Changes to this Privacy Policy
The Company may amend this Privacy Policy from time to time. Use of data we collect now is subject to the Privacy Policy in effect at the time such data is used. Users are bound by any changes to the Privacy Policy when he or she uses the Services after such changes have been first posted. We encourage you to periodically check this page in order to make sure that you are aware of the most current information about our privacy practices. This Privacy Policy was updated on 23/07/2024
11. Questions or concerns?
If you have any questions or concerns regarding privacy in our Services, please send us a detailed message to our Data Protection Officer at dpo@cedar-rose.com, or you can call us at +357 25 346630 or you can sent us your request via post at the following address P.O. Box 50751, 3609, Limassol, Cyprus. We will make every effort to address your concerns without undue delay.