Privacy Policy
Introduction
G.A. Transway Logistics Ltd values your privacy and is committed to protecting your personal information.
This Privacy Policy (‘Policy’) explains how G.A. Transway Logistics Ltd (collectively, with its subsidiaries and affiliates, ‘G.A. Transway Logistics Ltd, ‘we’, ‘us’, ‘our’), a Company incorporated under the laws of the Republic of Cyprus with registration number HE 264271, being a Data Controller, collects and processes your personal information, i.e., information collected online and offline, in accordance with the General Data Protection Regulation (2016/679) and the applicable Data Protection Laws of the Republic of Cyprus (‘the Law’).
Definitions
‘Data Controller’ means the person or organization which determines when, why, and how to process Personal Data and implements appropriate technical and organizational measures to comply with the Law;
‘Data Protection Officer’ means the person who is formally appointed with the purpose of ensuring that we are aware of and comply with our data protection responsibilities and obligations according to the Law;
‘Data Subject’ means a living, identified or identifiable natural person about whom we hold Personal Data;
‘Personal data’ means data about the Data Subject who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access;
‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Special Categories of Personal Data’ means the information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data. For the purposes of this Policy, Personal Data includes Special Categories of Personal Data.
‘Third Party’ means the recipient of your Personal Data as defined below.
The Kind of Information We Collect About You
The purpose of the Processing of your Personal Data is largely based on each of our services that you have requested:
- Contact details (e.g., name, email address, physical address, phone number)
- Demographic details (e.g., nationality, gender, age group)
- Personal Correspondence (e.g., emails that you send to us, information posted publicly on our social media channels)
- Payment information (e.g., payment card information)
- IP address when you log onto our website
- Any competition responses
- Any additional information that can be necessary for the provision of particular services
In the event that you provide us with Personal Data about other individuals, you warrant to us that you have obtained such individuals’ permission to do so.
We do not collect or process Personal Data of children without prior consent from their parents or legal guardian.
On What Legal Basis Do We Process Your Personal Data
We may collect and process your Personal Data for any or all of the following purposes:
- Are necessary to enter into a contract and/or to perform the contract in order to fulfill the services that you have requested;
- You have given consent to the processing of your Personal Data for a specific purpose (e.g., survey, participating in competitions, receiving newsletters and/or promotional emails, etc.). Consent may be withdrawn at any time by contacting our Data Protection Officer at the contact details provided below;
- Are necessary for the purposes of our legitimate interests or of a third party (e.g., legal claims), except where these interests are overridden by your interests or fundamental rights and freedoms, especially in cases where the Data Subject is a child;
- Is required for complying with the Law and/or any applicable law (e.g., the obligation of keeping accounting records).
Who Receives Your Personal Data
Your Personal Data are only accessible by the following Third Parties:
- The employees with a need for access to fulfill the purposes set out above;
- Any of our sub-contractors and/or service providers, including but not limited to IT service providers, Credit/Debit Card Processing Companies which process credit/debit card payments, Feedback software providers;
- Marketing service providers (e.g., to send e-mails – if you consent and/or opt in to receive newsletters and/or information about prizes giveaways and/or promotional emails, consent and/or opt in to participate in our contests and other such promotional offers etc.);
In the absence of your consent, your Personal Data will not be disclosed to any Third Party, other than the above-mentioned, unless the disclosure is required and/or mandatory under the provisions of any legislation, regulation or upon governmental, supervisory, competent authority request.
Our Data Protection Officer and/or the employees with a need for access to fulfill the purposes set out above have signed a Confidentiality and Non – Disclosure Agreement.
When we enter into an engagement with a Third Party pursuant to which your Personal Data may be processed by that party, we enter into a processing agreement with that party to ensure that this Third Party processes the Personal Data strictly according to our instructions and implements the appropriate administrative, physical and technical measures to protect the Personal Data from unauthorized or accidental use, collection, access, damage, loss, or disclosure.
Transferring Your Personal Data Outside the EU and EEA
We generally do not transfer your Personal Data to countries outside the EU and EEA (‘Third Countries’), except where required by the purposes set out in this Policy. If we need to transfer any Personal Data to Third Countries, we always ensure that the transfer meets the relevant requirements of the Law and we take all steps required to ensure that your Personal Data continues to receive our standards of protection.
When Can Personal Data Be Transferred Outside the EU and EEA
- If the European Commission has made a finding that the Third Country, territory, or sectors within the Third Country ensures an adequate level of privacy protection (Adequacy Decision);
- The Third Party has signed the standard data protection clauses (i.e., contract) adopted by the European Commission and agreed to apply the privacy standards of protection of the European Union;
- The Data Subject has provided consent to the transfer.
Retention of Personal Data
We will retain your Personal Data for as long as it is necessary to fulfill the purpose for which it was collected or for as long as is required/permitted by applicable law. We continuously strive to minimize the retention period of data where the purpose, the law or contracts allows us to do so. The data that we collect based on your consent will be kept until you withdraw your consent.
Specific retention periods include:
- Delivery information will be retained for 365 days;
- Reservation information will be retained for 60 days;
- Personal Data received for newsletters and/or information about prize giveaways and/or promotional emails will be retained until you withdraw your consent.
Newsletters
If you register for one of our newsletters, we are entitled to use your e-mail address for this purpose. The legal basis for this data processing is your consent pursuant to the applicable legislation. You may unsubscribe from the newsletter at any time by clicking the relevant link at the bottom of the newsletter. You can also revoke the consent at any time with effect for the future using the contact address provided. If you unsubscribe from our e-mail communications or revoke your consent, the corresponding data will be removed or blocked from the mailing list and will no longer be processed for these purposes.
Including your e-mail address in a blocking list is effected in order to safeguard our legitimate interests pursuant to the applicable legislation.
Protection of Personal Data
To safeguard your Personal Data from unauthorized access, collection, use, damage, loss, disclosure, copying or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption, and the use of privacy filters to secure all storage and transmission of Personal Data to Third Parties. We also allow access to Personal Data only to those employees who need to know such data and they will only process your Personal Data on our instructions.
However, no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, we try to protect the security of the Data Subject’s Personal Data and we constantly review and enhance our information security measures.
Your Rights in Relation to Your Personal Data
Right to access: Request access to your Personal Data (commonly referred to as a "data subject access request"). This enables you to receive a copy of your Personal Data that we hold about you.
Right to rectification: Request to correct or update any of your Personal Data which we hold. This enables you to have any incomplete or inaccurate information we hold about you corrected. We strive to retain only Personal Data that is accurate, complete, and up-to-date.
Right to data portability: Request the transfer of your Personal Data to another party.
Right to erasure: Request to delete your Personal Data. However, we may need to retain certain information for legal or administrative purposes, such as record-keeping and fraud detection.
Right to restrict processing: Request to restrict the use of your Personal Data.
Right to object: You have the right to object to the collection and use of your Personal Data (e.g., when we use your Personal Data on the basis of your consent, you can withdraw that consent at any time).
To exercise your rights, contact our Data Protection Officer:
Name: Pambos Charalambous
Address: Kalon Technon 21, Kato Polemidia, 4151, Limassol Cyprus
Email: pambos@transwaycy.com
The Data Protection Officer has the right to require certain identification documents/information to verify your identity. The Data Protection Officer will respond within thirty (30) days of receiving your request.
Right to Lodge a Complaint
You have the right to lodge a complaint about the use of your Personal Data by contacting the Office of the Commissioner for Personal Data Protection in Cyprus:
Office Address: Iasonos 1, 1082 Nicosia, Cyprus
Postal Address: P.O. Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456
Email: commissioner@dataprotection.gov.cy
Effect of Policy and Changes to Policy
We keep this Policy under review, and we may modify it from time to time without prior notice. You should review our Policy on our website periodically to ensure you are aware of any such modifications/updates.
Cookies Policy
Our website uses cookie technology to track, save, and store information as well as your interactions and usage of our website to provide a smooth, efficient, and personalized experience. You may disable cookies through your web browser's settings.
Types of Cookies
- Strictly Necessary Cookies: Required for basic site functions. They do not store any personally identifiable information.
- Functionality Cookies: Remember user choices and enhance the web experience.
- Navigation Cookies: Gather anonymous usage data, including visitor counts and page views, to improve the site.
- Analytical Cookies: Provide statistical analyses on site usage.
- Targeting or Advertising Cookies: Deliver relevant social media ads and limit ad frequency. If you do not allow these Cookies, non-personalized ads will be shown.