Glossary | |
GDPR | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural person with regard to the processing of personal and on the free movement of such data and repealing Directive 95/46/EEC (General Data Protection Regulation) |
Processing
| Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction |
Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data |
Data Protection Officer – DPO | For the purposes of this privacy policy the Controller (Cablenet Communication Systems Plc) appointed a DPO to carry out the following tasks: To review the compliance with GDPR and other applicable EU or national legislation in relation to the protection of personal data. To advise Cablenet about legislative developments and methods of compliance with its obligations under GDPR and other applicable law. To cooperate with the supervisory authority. |
Personal data | Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
Privacy Policy of
Cablenet Communication Systems Plc
The policy aims to give you information on how we protect the personal data you provide to Cablenet Communication Systems Plc for the provision of telecommunication services, when you make inquiries about our services before entering into an agreement, when asking for assistance to resolve problems, when getting customer support or when using our website.
Further, we provide explanations on the legislative framework and your rights when interacting with us in your capacity as a data subject.
The policy comprises the following chapters:
- Who we are
- The data we collect about you
- How is your personal data collected
- Purpose, legal base, duration of processing
- Your legal rights
- Our policy for the protection of the personal data of children
- Disclosures of your personal data
- Transfer of personal data outside the EU/ EEA
- Cookies
- Changes to this Data Protection Policy
- Definition of main terms
1. Who we are
Cablenet Communication Systems Plc (“we”, “us” or “Cablenet”) is the Controller under the General Regulation for Personal Data Protection (GDPR) and responsible for your personal data which you provide us as subscribers or potential subscribers. Therefore, we implemented the appropriate technical and organizational measures to protect your personal data in compliance with the law.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our compliance with the applicable law currently in force.
If you have any questions or concerns about this policy including any requests on the exercise of your legal rights please contact the DPO using the details set out below:
email: dpo@cablenetcy.net
tel: +357 22 294160
Data Protection Officer
Cablenet Communication Systems Plc
Ay. Nicolaou 41 – 49
Nemeli building, Block A, 2nd floor, 2408
Engomi, Nicosia
Cyprus
2. The data we collect about you
We may collect different kinds of data including the following:
- Name & surname
- Fixed line – telephone number
- Mobile telephone number
- Billing address, home address
- ID number, or passport number
- Email address
- User name and password to access our services
- Transaction data – payments to and from you for products and services purchased from us
- Online content logs and email headers
- Call details (telephone number of caller and recipientαριθμός, duration of call
- Traffic and billing data including MAC address of Cablenet’s terminal devices and IP addresses
- Location data
- Device data, e.g. IMEI – International Mobile Equipment Identity, ICCID – Integrated Circuit Card ID, i.e. serial number of SIM card, IMSI – International Mobile Subscriber I.D
- Data from cookies
- Name and work email of individuals included in management clauses of commercial agreements
- Curriculum Vitae
3. How is your personal data collected
We use various methods to collect data from and about you including data you provide when you:
- Create a user’s account online or at Cablenet’s shops
- Subscribe to our network of mobile telephony with access to sms and internet services
- Subscribe to our fixed line network with access to internet, telephony and TV services
- Subscribe to our TV services via the application TV GO
- Apply to activate the standing order for payment of invoices
- Inquire whether your office or home is within the area of our network coverage
- Engage with us on social media
- Use your online account – cablenet.me
- Contact us through our call centre
- Contact us by any means with queries or complaints
- Ask us to email you information about our products or services
- Choose to receive information about our offers, competitions and other news of Cablenet
- Participate in our competitions
- Choose to complete any surveys we send
- Comment on or review our products and services
- Visit our shops which have Closed Circuit Television – CCTV- systems for the security of both the customers and partners. These systems may record your image during your visit
- Engage with us as sole trader or as a commercial entity representative to develop a business relationship
- Submit your CV to our human resources department for potential employment by Cablenet
4. Purpose, legal base, duration of processing
We process your personal data in accordance with applicable law, mainly for the purpose of complying with our contractual obligations, for the protection of our legitimate interests and for compliance with the law governing telecommunications. We have set out below in a table format the purpose of the processing of personal data, the categories of personal data we process, the lawful ground and the duration of processing. Note that we may process your data for more than one lawful ground depending on the specific purpose for which we use your data. Please contact the Data Protection Officer – DPO- if you need details about the specific legal ground where more than one has been set out below.
We collect your data for the performance of the contract with you, if it is necessary to comply with a legal obligation or if we obtain your consent. We keep your data in accordance with the duration specified in the table below for each category in order to comply with the corresponding legal ground. When your data are no longer needed they are either deleted or anonymized in which case if they are used for statistical of business planning purposes they no longer relate to an identified or identifiable individual.
If we intend to process your data for a purpose other than the one for which we collected it, we will inform you accordingly about the additional processing.
Purpose / Activity | Type of data | Legal ground | Retention period |
To process your application to register including your selected payment method | Name Identity Card (ID) or passport number Contact data Payment data | Necessary to enter into a contract with you for the provision of services | For as long as you are a subscriber to our services & for longer if necessary under another legal ground as described in this policy |
Manage payments | e-copies of invoices | Necessary for our legitimate interests regarding the management of payments | For as long as you are a subscriber to our services & to exercise our rights under the contract For seven (7) years from the date of issuance of the invoice – necessary to comply with the obligations on bookkeeping and audit |
To charge calls, pay for connections & resolve connectivity issues and connection charges | Traffic and billing data Geographical location data | Performance of the contract with you Necessary for our legitimate obligation The Electronic Communications and Postal Services Law of 2004 (No 112 (I)/2004). Regulation 607/2007 | 6 months |
To detect and/or prevent fraudulent calls | Calls details | Necessary for our legitimate interests Necessary to comply with a legal obligation The Electronic Communications and Postal Services Law of 2004 (No 112 (I)/2004) | 6 months |
To collect and recover outstanding amounts owed to us **If you do not pay your outstanding amounts we might ask a debt recovery agency to collect what you owe to us **If you do not meet the deadlines for the settlement of your outstanding amounts we might engage a law firm to initiate court action for debt recovery. In such case we will disclose your personal data with our lawyers who might contact you prior to initiating the legal proceedings | Name Contact details Payment details, outstanding amounts, warning letters | Performance of the contract with you Necessary for our legitimate interests | Until the resolution of the dispute for the debt collection |
To manage our communication with you or to notify you about changes to our policy or terms and conditions | Name Contact details | Performance of the contract with you or To comply with a legal obligation – Regulation 256/2018 | During your subscription to our services |
To notify you of about technological updates and improvement of our services | Name Contact details | Performance of the contract with you | During your subscription to our services |
To deliver advertisements to you by email, or other e methods (e.g. sms) / For direct marketing about – New products or services of Cablenet – products which are related to the ones you have already bought – personalized suggestions according to your preferences | Name Contact details Personalized preferences | You give us your consent to receive personalized marketing material Processing to deliver marketing material for products related to the ones you already purchased, in compliance with Law No 112(Ι)/2004 | During your subscription to our services You may withdraw your consent at any time, in which case you will no longer receive marketing material about new products or products related to the ones you have already purchased |
To make personalized suggestions to you about TV programs that may be of interest to you | We collect data about your TV viewing directly from you | You give us your consent in order to receive personalized suggestions that match your preferences | During your subscription to our services * You may withdraw your consent at any time in which case we will stop making suggestions of programs that might interest you |
Transmission of communication to an electronic network either for completion or for charging purposes | Traffic & billing data | Performance of a contract with you | 6 months |
To prevent and detect attacks on our internal network, our information system or against your equipment | Traffic and billing data | Necessary for out legitimate interests to secure our internal network and the information systems of Cablenet To protect your data in compliance with our Information Security Policy & our Information Security Management System | 6 months |
To follow a court order or other lawful request of regulators or other competent authorities such as: Police Authorities, Judicial Authorities, Regulatory Authorities of cybersecurity Tax authorities | Traffic and billing data IP address | Necessary to comply with court orders or lawful requests of competent authorities Compliance with a legal obligation that we are subject to Under the laws for detection of criminal acts, e.g. Law no 92(Ι)/1996, CAP 154, CAP 155, Law no 89(Ι)/2020, Law no 112(Ι)/2004, Regulation no 607/2007 Law 183(I)/2007 Law 95(I)/2000 | 6 months |
To locate the equipment of our subscriber at the installation point and/or in case of emergency response | Location data | Necessary to comply with a legal obligation, Law no 92(Ι)/1996 | Throughout the duration of your subscription |
To protect our business installations, our shops, and our staff. To investigate criminal activity at our premises To follow a court order or other lawful request from competent authorities, e.g. Police Authorities, & Judicial Authorities | CCTV footage from cameras operated at Cablenet’s premises | Necessary for our legitimate interests – for network security, protection of business premises & property, safety of the staff Your personal data may be analyzed by competent authorities in the context of an investigation of a possible criminal act | 30 days except in case of investigation of a possible criminal act Until the conclusion of the investigation process Face blurring is applied to CCTV footage shared with a competent authority, except for the face of the person under investigation |
To provide customer support services: – Responding to your queries – For troubleshooting – Maintenance or technical support – Improving our services and customer care | Name Contact details | Performance of a contract with you Necessary for our legitimate interests | Throughout the duration of your subscription |
To speak with you when contacting the call center | Recording the calls to the call center | Necessary for our legitimate interests – to train the call center staff on how to provide you with the best practice | 6 months |
To administer issues that may arise during your subscription to our services | Contact details ID or passport number Outstanding amounts Warning letters | Necessary for our legitimate interests to initiate proceedings for the protection of our contractual rights | Until the final resolution of the dispute |
To secure our network | Volume of data transferred – subscriber data usage IMEI | Necessary for our legitimate interests – to secure proper network management and planning Necessary to comply with a legal obligation to protect the security of the network & business continuity Law no 112(Ι)/2004, Law no 89(Ι)/2020 | 6 months |
To review your application to join our team | Information about you contained in your CV | Consent To comply with applicable employment law | You can specify the retention period when submitting your application Processing of employees’ personal data are governed by the employee privacy notice |
To send notices for contract management | Name and work email | Necessary for our legitimate interests | Processing is governed by the data protection clauses of the respective commercial contract |
5. Your legal rights
Under GDPR you have rights in relation to your personal data we hold about you. You are entitled to make the following requests:
Request access to your personal data
You have the right to obtain confirmation about the processing in relation to your data and the validity of processing. Thus you may access your processed personal data and obtain information about the processing including, the purpose of data processing, the recipients who receive data from the controller, how long we store data, etc
Request correction of your personal data
You have the right to ask the Data Protection Officer – DPO- to promptly correct inaccurate personal data, to update or amend your personal data. We rely on you to ensure that your personal data is complete, accurate and up to date.
Request a right to erasure of your personal data [“right to Be Forgotten”]
You have the right to request erasure of your personal data without undue delay if there is a lawful ground to continue processing or you object to their processing. You may also withdraw your consent if there are no other compelling legitimate grounds to process personal data.
Request restriction of processing your personal data
You have the right to restrict the processing of your personal data under the following circumstances: (a) you contest the accuracy of the personal data, in which case the processing may be restricted until the accuracy can be verified, (b) the processing is unlawful, however you oppose the erasure of your personal data and ask for the restriction of their use instead, (c) we no longer need your personal data for the purposes of processing but they are required by you, as data subject, for the establishment, exercise or defense to processing of legal claims, and (d) you object to processing, pending the verification whether our legitimate grounds override your grounds to object the processing.
Request transfer of your personal data (right to data portability including your mobile or landline phone number)
You may request to transfer your telephone number to another provider of electronic communications.
Object to processing
You have the right to object to processing of your data at any time, including for direct marketing. If you exercise this right we will stop the processing unless we have a compelling legitimate ground for it that overrides your interests.
Right to withdraw consent at any time where we are relying on consent to process your personal data, including for direct marketing
You can ask us to stop sending you marketing messages at any time by:
- Selecting to «unsubscribe» at the bottom of the marketing email, or
- Calling the number “130” and asking us to stop sending you messages, or
- Selecting “STOP SMS”, or
- Disabling cookies on your browser, if applicable
When you opt out of receiving marketing messages we will no longer send such material.
Our Data Protection Officer – DPO- can facilitate the exercise of the legal rights listed above. You can contact the DPO at:
email: dpo@cablenetcy.net
or
by sending a letter to:
Cablenet Communication Systems Plc
Data Protection Officer
41-49, Ayios Nicolaos street,
Nimeli Building, Block A, 2nd floor
2408 Engomi, Nicosia, Cyprus
You have the right to address your concerns to the Data Protection Officer (DPO) by sending an email to dpo@cablenetcy.net, or by sending a letter to the following address:
Cablenet Communication Systems Plc
Data Protection Officer
41-49, Ayios Nicolaos street,
Nimeli Building, Block A, 2nd floor
2408 Engomi, Nicosia, Cyprus
We would gladly assist you with any concerns or queries you may have in relation to the privacy policy, for example, the use of your personal data, your access to the data we collect about you, the processing based on your consent and your right to withdraw that consent.
Right to lodge a complaint with the Commissioner for Personal Data Protection
If you are not satisfied with the response of our DPO about your concerns you have the right to make a complaint to the Office of the Commissioner for Personal Data Protection at:
Office address:
Iasonos 1, 1082 Nicosia, Cyprus
Postal address
P.O.Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456
Fax: +357 22304565
Email: commissioner dataprotection.gov.cy
6. Our policy for the protection of the personal data of children
The protection of the children’s personal data is very important to us, especially when they are online. Our website, our products and services are not addressed to nor are they designed for children below the age of 14.
It is our policy not to process personal data of minors below the age of 14, even if we rely on consent, unless we have obtained the prior authorization of their parents or custodian or if such processing is permissible under the law.
We do not target children when providing online services or personalized advertising. However we might unintentionally process personal data of minors under the age of 14 in which case we will ensure that the data is deleted unless it was provided with the consent of the parent or custodian. We might also delete the account of the child from our company’s electronic platform, if applicable.
We ask that you inform the Data Protection Office -DPO- as soon as you became aware that a minor below the age of 14 has provided us with personal data.
7. Disclosures of your personal data
There are occasions when we need to share your personal data with a third party processors. We will only provide the information they need to perform their specific services.
We require all third parties to follow the procedures to secure your data and to confirm that they put in place appropriate technical and organizational measures to protect your data in accordance with applicable law. Our associates may be bound by specific contracts (Standard Contractual Clauses or DPAs) to follow policies and procedures which we deem adequate or they may put in place equivalent measures that are compatible with the GDPR rules.
After the end of services the third parties delete or fully anonymize the personal data they obtained when doing business with us.
You can find below the recipients or categories of recipients of personal data.
- IT companies or cloud storage companies, (e.g. Oracle, Google, Microsoft – Azure, Amazon – AWS) which provide operational support to our information technology and other business systems.
- Companies offering applications using cloud infrastructures. e.g. Salesforce which provides us with Customer Relationship Management services by collecting information about our subscribers from various company departments and the monday.com Work OS, a project and task management software, used for the assessment, execution and closure of tasks and projects with business associates.
- Companies providing technology management services for quality assurance, network management & planning – OpenVault.
- Communications platform companies, in relation to the charging of services including roaming services, e.g. BiCS, TiS and companies offering billing systems, e.g. Intrasoft.
- Cyber security companies
- Operational companies offering archiving or record management services, printing of monthly bills, Printaform L.t.d., or courier services, ACS.
- Banks and other financial institutions
- External legal consultants, financial auditors, business advisors to help us with statutory compliance
- Direct marketing companies and market research companies who help us manage electronic or postal communications with you and shape our products and services to serve your communication and entertainment needs and expectations.
- Credit payment processing such as JCC Payment Systems Ltd, SIX Payment Services.
- Competent authorities, such as the Cyprus Police, the Digital Security Authority, the Commissioner for Protection of Personal Data, the Tax Authorities, etc, within the context of our compliance with our legal obligations.
For the purpose of providing mobile telephony services, we process traffic data and geographical location data in coordination with other telecommunication providers in Cyprus. Currently, we are cooperating with CYTA, having entered into a relevant agreement.
8. Transfer of personal data outside the EU/ EEA
We might send your personal data to other companies outside the EEA for further processing. We only transfer personal data outside the EEA if it is required for the provision of services to you.
We ensure that our partners offer adequate level of protection as we implement at least one of the following safeguards:
- All our providers are contractually committed to implement the requirements set out in GDPR and other privacy legislation including laws for the protection of electronic communications which are currently in force in Cyprus.
- Certain providers are located in countries that have been deemed by the European Commission to provide an adequate level of protection for personal data.
- Where we cooperate with certain providers we use the Standard Contractual Clauses approved by the European Commission which give the transferred personal data the same protection it has in intra – EU transfers.
Occasionally a transfer might be envisaged to a third country even if none of the above mentioned safeguards apply. Examples of such instances are:
- We will provide you with the necessary information and the potential risks and ask for your explicit consent for the transfer to the third country not deemed to provide an adequate level of protection,
- The transfer is necessary for the purposes of entering into an agreement or complying with anobligation under our contract,
- The transfer is necessary for the purposes of legal proceedings or obtaining legal advice.
In other occasions your data will be anonymized prior to any transfer out of the EEA so that if used for statistical analysis or business planning it will have no personally identifiable information.
9. Cookies
We use “cookies”, i.e., a small text file which often includes an anonymous unique identifier that is sent to your browser from the websites and is stored on your hard drive.
The “essential cookies” are automatically enabled for the proper functioning of Cablenet’s website.
For more information about the cookies we use and your options regarding cookie permission please see Cookie Policy.
10. Changes to this Data Protection Policy
We keep this Data Protection Policy under regular review to adapt to and comply with changes in the law. This version was last updated on 25/09/2023.
We rely on you to ensure that your personal data is accurate and up-to-date. Please do inform us promptly of any changes to or inaccuracies in your personal data.