GDPR Policy
As of 25 May 2018, we will be complying with the General Data Protection Regulation (GDPR) of the European Union. Our GDPR compliance policy is stated below.
Customer Data Rights
Our GDPR compliance policy has been developed taking into account your right to access to, revision of, limitation of and deletion of your data. You can access your full list of rights here:
European Commission > Law > Law by topic > Data protection >Reform > Rights for citizens > My rights
https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights_en
Customer Contact & Registration Data
We keep and use customer data limited to contact data gained by:
-
Registrations on the NavInvest Greece website, either via Member Registrations or Mailing List registrations. This information typically comprises first name, last name, email address, and telephone number.
-
Customer data handed to us voluntarily, such as in terms of exchange of business cards
-
User registration data collected for training events, conference registrations, or similar activities.
-
Inquiries and other information that derives from the exchange of emails, both within our website and via standard email.
We do not keep customer payment information, credit card numbers, or other payment information. Any processing of such information will be implemented by third-party online payment organisations or physical organisations (e.g. training or conference organisers).
We do keep contact information from both individuals (e.g. one-person companies or freelancers) as well as employees of organisations which provide a corporate email and telephone number.
Any online registration information, e.g. user passwords, are encrypted and cannot be seen by our website administrators. They will only be changed at user request.
Sensitive Customer Data
We do not keep or process any data considered as “sensitive” under the GDPR meaning:
-
racial or ethnic origin;
-
political opinions;
-
religious or philosophical beliefs;
-
trade union membership;
-
processing of genetic data;
-
biometric data for the purpose of uniquely identifying a natural person;
-
health;
-
sex life or sexual orientation.
Social Media Data
We manage a social media ecosystem that include Facebook, LinkedIn, Twitter and Google+ profiles, pages and groups. Any customer data shared with these sites, such as customer IDs shared using “like” or “follow”, are bound by the terms of agreement of each respective social media platform.
Contract Data
In some cases, we have contracted to provide consultancy service with or to individuals, and our contracts may reflect a full individual name, date of birth, residential address and passport, tax or national identification (ID) number. This information is part of a legal contract and is bound by the non-disclosure and confidentiality terms of that contract.
Payment (Invoice) Data
In some cases, we make national or international payments to individual contractors. In this case, the contract and invoice documentation may contain payment information such as a bank account number (IBAN), SWIFT code, bank name and address, VAT or tax number and related information. All such information is kept as part of a contract or invoice document.
Project Data
Data on customers for whom consulting projects have been implemented are kept on encrypted files regulated under non-disclosure agreements and confidentiality policies that have been agreed upon under project contract. While the data here mainly concerns companies, in some cases we have implemented projects for individual organisations, particularly in the tech sector. All safeguards and procedures agreed upon in project contracting remains in effect.
Online Customer Data Storage
Customer data is stored in our online databases:
-
on the NavInvest Greece website, via self-entry of data, either on the newsletter sign-up or via the Member Account creation;
-
on Mailchimp (www.mailchimp.com), a third-party electronic newsletter application that we use to coordinate electronic mailing.
Offline Customer Data Storage
Customer data is stored in our corporate database. Data collected and stored for this purpose typically derives from the NavInvest Greece website, conference and event registrations, projects, business card exchange and related activities. All data is collected and stored by two employees within our company, one of whom is our Data Protection Manager.
Uses of Customer Data
Customer data is used to:
-
Verify your user name and password as you log in to our website (where relevant);
-
Send you electronic newsletters and related information specifically relating to our business, which you are free to unsubscribe from.
Customer data may also be stored as contract documents, invoices, or project documents.
Unethical Uses of Customer Data
Please note that we will never:
-
Harvest or scrape customer data from online resources
-
Purchase and use customer data from unverified sources
-
Sell customer data to third parties
We will never transfer your data to any entity outside the Numenor Capital Partners group either within or outside the European Union.
Finding out about Your Data
If you would like to learn what customer data we store relating to your organisation, please contact our Data Manager at info@navigator-consulting.com. We will contact you to confirm your identity prior to releasing any information.
Revising Your Data
If you would like to revise or update your customer data, please send your updated information to info@navigator-consulting.com. We will contact you to confirm your identity prior to updating or revising any information.
Deleting Your Data
If you wish to delete your data, please contact us with a specific request at info@navigator-consulting.com.
Storage Term
We store and use customer data indefinitely.
Data Accuracy
We take all measures to ensure that customer data stored is accurate and relevant to the purpose for which it has been provided.
Data Protection Officer
Our Data Protection Officer is:
Philip Ammerman
Company Identification
All data is collected and stored by:
Numenor Capital Partners IHS Ltd.
Classic House
133 Archbishop Makariou Avenue
Limassol 3085
CYPRUS
Data Protection Authority
Our data protection authority is the Cyprus Commissioner for Personal Data Protection. Please refer to the European Commission Data Protection Authorities website (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) in case of updates.
Commissioner for Personal Data Protection
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456
Fax +357 22 304 565
e-mail: commissioner@dataprotection.gov.cy
Website: http://www.dataprotection.gov.cy/