| Term | Definition |
| GDPR – General Data Protection Regulation | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal and on the free movement of such data and repealing Directive 95/46/EEC (General Data Protection Regulation). |
| Processing | Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. |
| Data Protection Officer – DPO | For the purposes of this privacy policy the Controller (Cablenet Communication Systems Plc) appointed a DPO to carry out the following tasks: To review the compliance with GDPR and other applicable EU or national legislation in relation to the protection of personal data. To advise Cablenet about legislative developments and methods of compliance with its obligations under GDPR and other applicable law. To cooperate with the supervisory authority. |
| Personal data | Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
Privacy Policy of
Cablenet Communication Systems Plc
This privacy policy aims to inform you about how we process and protect your personal data, which you provide to us when you use our services, website, applications or submit a request for information, when you enter into an agreement with us, when asking for assistance to resolve problems and generally for providing and improving our services for you.
In addition, we explain to you what your rights are and how the applicable data protection laws protect you.
The policy comprises the following chapters:
- Who we are
- The data we collect about you
- How is your personal data collected
- Purpose, legal base, duration of processing
- Your legal rights
- Our policy for the protection of the personal data of children
- Disclosures of your personal data
- Transfer of personal data outside the EU/ EEA
- Cookies
- Changes to this Data Protection Policy
- Definition of main terms
1. Who we are
Cablenet Communication Systems Plc (“we”, “us” or “Cablenet”) is the Controller under the General Regulation for Personal Data Protection (GDPR) and responsible for your personal data which you provide us as subscribers or potential subscribers. Therefore, we implemented the appropriate technical and organizational measures to protect your personal data in compliance with the law.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our compliance with the applicable law currently in force.
If you have any questions or concerns about this policy including any requests on the exercise of your legal rights, please contact the DPO using the details set out below:
email: dpo@cablenetcy.net
tel: +357 22 294162
Cablenet Communication Systems Plc
Data Protection Officer
41 – 49, Ayios Nicolaos street,
Nimeli building, Block A, 2nd floor
2408 Engomi, Nicosia, Cyprus
2. The data we collect about you
The personal data we collect and the processing of your personal data, by us or the processors, depends on the type of services/ products you have requested and/or receive. The personal data we collect includes:
- Name & Surname
- Your identity card or passport number or alien registration card and other information included in the identification document, such as date of birth
- Your contact number (landline and/or mobile phone)
- Your residence and mailing address
- Name and work email addresses of individuals included in the terms of commercial agreements for reasons of contract management
- Data relating to the terminal equipment you use to connect to our network, e.g. IMEI – International Mobile Equipment Identity, ICCID – Integrated Circuit Card Identifier, SIM card serial number, IMSI – International Mobile Subscriber Identity
- Service usage data, relating to the overall use of telephony and internet services
- Your email address
- Your personal user passwords to our services
- Your payment information
- Your history of choices and the suggestions we have made to you
- Recorded conversations with our company’s call center
- Traffic and billing data
- Location data
- Information from cookies
- CV
- Closed-circuit video surveillance (CCTV) data
- Biometric data, including a personal photograph and a photograph of an identification document, in the case of electronic identification of a prepaid mobile phone holder, through our authorized partner. For clarity, Cablenet retains as proof of the procedure only the result of the processing of the biometric data and not the data itself. Biometric data is used exclusively for the purpose of the identification procedure and is not stored during the remote electronic identification
- Data that you create when using our applications, such as content data that you upload to the application or when you interact with other available content, as well as device data, cookies, personalization data (e.g. language selection)
3. How is your personal data collected
We use various methods to collect data from and about you including data you provide when you:
- Create a user account at Cablenet, either online or in our stores.
- Perform electronic identification, through our website or our application Cablenet.me
- Subscribe to one of our services.
- Fill in your details to access or use our products and/or services.
- Provide your details to third parties with whom we collaborate in the context of providing our services and/or products.
- Submit a request to activate a direct debit order.
- Ask us to check the network coverage of your home or office.
- Interact with us on social media (provided you have given your consent to the relevant social media and have accepted any terms and conditions thereof, issues for which Cablenet is not responsible).
- Use your personal online account – cablenet.me
- Use our applications.
- Contact us by calling our call center.
- Submit questions or complaints by any means of communication.
- Request information about products or services via email.
- Give us your consent to inform you about offers, competitions and other news from Cablenet.
- Participate in competitions held by Cablenet.
- Choose to complete questionnaires that we send you.
- Submit comments or reviews about our products and services.
- Visit our stores that have closed circuit video surveillance systems (CCTV) for the safety of our customers and associates. These systems may record your image during your visit to a store.
- Collaborate with us as an independent associate or as a representative of a commercial entity within the framework of a commercial relationship.
- Submit your resume to our Human Resources department for possible employment at Cablenet.
The collection of the data is done either directly by you or automatically from the use of our products and services or from other sources or by using or combining data we hold about you to infer information about you.
Our Company may proceed to an assessment of the credit risk arising from contracting with you, in order to protect its legitimate interest in preventing overdue debts and ensuring responsible financial management during our business activity. To assess the credit risk, we process in an automated manner the personal data we already hold about you. While the process involves automated tools any final decisions made with the involvement of a representative of our company and is not based solely on automated processing.
4. Purpose, legal base, duration of processing
We process your personal data in accordance with applicable law. The processing of your personal data is mainly based on the following legal bases:
A) execution of the contract with you or for actions at the pre-contractual stage.
B) protection of our legitimate interests, always considering and carefully balancing your own rights and interests. Such processing is limited to what is strictly necessary based on our existing or prospective transactional relationship.
C) consent, in which case the processing takes place due to specific consent, which you can withdraw at any time. Any withdrawal of consent does not affect the processing carried out previously.
D) compliance with legislation to which our Company is subject.
In the table below we present the purposes of processing your personal data, the categories of personal data that we process per purpose, the legal basis for each personal data processing as well as the duration of retention of personal data per case.
In many cases the same data may be used for more than one purpose and the processing may be based on different legal bases. If you need clarification, please contact the Data Protection Officer (DPO).
| Purpose / Activity | Type of data | Legal ground | Retention period |
| Submitting application to register to our services | Full name Number of an identification document Contact details Payment data | Necessary to enter a contract with you and for the provision of services | Until the completion of your registration process as a new subscriber. For as long as you are a subscriber to our services & for longer, if necessary, under another legal ground as described in this policy. Your payment details, if you register as a subscriber, are retained for as long as you maintain a subscription to our services. |
| Submission of your electronic application to register to our pre-paid telephony services – Subscriber Identification | Picture of the identifying document Personal picture | Necessary to enter a contract with you and for the provision of services Compliance with legal obligation | Biometric data are kept only for the identification procedure. After which only the contact information as requested by applicable law are kept. |
| Manage payments | e-copies of invoices | Performance of the contract with you Compliance with legal obligation Our legitimate interest, regarding the management of payments | For six plus 1 (6+1) years, from the date of issuance of the invoice – necessary to comply with the obligations on bookkeeping and audit. |
| To charge calls, pay for connections & resolve connectivity issues and connection charges | Traffic and billing data Location data | Contract performance Compliance with legal obligation | 6 months |
| To collect and recover outstanding amounts owed to us **If you do not pay your outstanding amounts, we might ask a debt recovery agency to collect what you owe to us **If you do not meet the deadlines for the settlement of your outstanding amounts, we might engage a law firm to initiate court action for debt recovery. In such case we will disclose your personal data with our lawyers who might contact you prior to initiating the legal proceedings | Full name Contact details Payment details, outstanding amounts, warning letters | Contract performance Our legitimate interest regarding the claim and collection of overdue debts | Until the resolution of the dispute for the debt collection |
| To manage our communication with you Or To notify you about changes to our policy or terms and conditions | Full name Contact details | Contract Performance Compliance with legal obligation | During your subscription to our services |
| To notify you of technological updates and improvement of our services | Full name Contact details | Contract performance | During your subscription to our services |
| To deliver advertisements to you by email, or other e -methods (e.g. SMS) / For direct marketing about – New products or services of Cablenet – products which are related to the ones you have already bought – personalized suggestions according to your preferences | Full name Contact details Personalized preferences | Consent to: a) automated processing of my personal preferences for the purpose of receiving personalized marketing material b) Processing to deliver marketing material for products related to the ones you already purchased | During your subscription to our services and for as long you did not withdraw your consent ** You may withdraw your consent any time separately |
| To make personalized suggestions to you about TV programs that may be of interest to you | We collect data about your TV viewing directly from you | Providing consent, for automated processing of your viewing history in order to receive personalized suggestions that match your preferences | During your subscription to our TV services and for as long you did not withdraw your consent ** You may withdraw your consent any time separately |
| Transmission of communication to an electronic network either for completion or for charging purposes (roaming) | Traffic and billing data | Contract Performance | 6 months |
| To prevent and detect attacks on our internal network, our information system or against your equipment | Traffic and billing data | Our legitimate interests to secure our internal network and the information systems of Cablenet To protect your data | For six (6) months or as long as the case is active |
| To follow a court order or other lawful request of regulators or other competent authorities such as: Police Authorities, Judicial Authorities, Regulatory Authorities of cybersecurity Tax authorities | Traffic and billing data Location data | Compliance with legal obligation | For as long as is necessary to perform our obligations |
| Use of CCTV to our premises: To protect our business installations, our shops and staff To investigate criminal activity at our premises To follow a court order or other lawful request from competent authorities, e.g. Police, Judicial, Network Security Supervisory authorities | CCTV footage from cameras operated at Cablenet’s premises | Our legitimate interests in the security of our network, physical stores, buildings, assets and personnel, provided that these interests do not override your rights Your personal data may be disclosed to competent authorities in the context of an investigation of an incident, such as burglary, assault, theft etc. | 30 days except in case of investigation of a possible criminal act Until the conclusion of the investigation process |
| To provide customer support services: Responding to your queries For troubleshooting Maintenance or technical support Improving our services and customer care | Full name Contact details | Contract Performance Our legitimate interest, in optimising the services provided by our company to you | Throughout your subscription to our services |
| When you contact our call center to receive customer support services | Call recordings | Consent Our legitimate interest for the purpose of quality of services, staff training and evidentiary needs in case of disputes | 6 months |
| To administer issues that may arise during your subscription to our services | Contact detailsIdentification document number Outstanding amounts | Our legitimate interest to initiate proceedings for the protection of our contractual rights | Until the final resolution of the dispute |
| Ensuring the quality and integrity of the network | Volume of transmitted data (usage data) Equipment data | Contract Performance legitimate interest – to secure proper network management and planning legal obligation to protect the security of the network & business continuity | 6 months |
| Review of resume | Information about you contained in your CV | Consent To comply with applicable employment law | 12 months after submission of the application and/or 12 months after renewal of consent of the applicant |
| Communication for contract management | Name and business email | Contract Performance with the legal entity you are representing | Based on the commercial contract |
Your data is collected only for the purposes that are strictly necessary for the performance of the contract between us or for compliance with our legal obligations or with your consent. We retain your data only for as long as is necessary to serve these purposes. It is then completely deleted or anonymized so that if it is used for statistical analysis and business planning purposes it does not constitute personal data.
If we will further process your data for a purpose other than that for which it was collected, we will inform you and provide you with all relevant information regarding this further processing,
5. Your rights
Under GDPR you have rights in relation to your personal data we hold about you. You are entitled to make the following requests:
Request access
You have the right to access your data that we process and to receive information about its processing, including the purpose of the processing, the recipients to whom your personal data is disclosed, the storage period, etc
Right to rectification
You have the right to request the correction, updating or modification of your personal data. It is important that your data is accurate and up to date. Please inform us when there are changes to the data you have provided to us.
Right to erasure
You have the right to request that we delete personal data concerning you without undue delay when it is no longer necessary in relation to the purposes for which it was collected. You also have this right if you withdraw the consent on the basis of which the processing is carried out, and there is no other legal basis for the processing.
Right to request restriction of processing your personal data
You have the right to request restriction of processing of your personal data in the following cases: (a) where you contest the accuracy of the personal data retained and until verification, (b) where you believe that the processing is unlawful but you oppose to the erasure of your personal data and request restriction of use instead of erasure, (c) where the personal data are not needed for the purposes of the processing, but are necessary for you to establish, exercise or defend legal claims, and (d) where you object to the processing and pending verification of whether there are legitimate grounds that concern us and override the grounds for which you object to the processing. Your request will be considered considering legal obligations we may have in relation to your data.
Right to portability (including your landline or mobile phone number).
You have the right to receive your personal data free of charge in a format that allows you to access them and in a structured, commonly used and machine-readable format, and to use and process them using commonly used processing methods. You also have the right to ask us, where technically feasible, to transmit the data in question directly to another controller. This right applies to data that you have provided to us and that is processed by automated means based on your consent or in execution of a relevant contract. This right also applies to the portability of your landline or mobile phone number.
Right to object to processing
You have the right to object at any time to the processing of your personal data in cases where, the processing is for the purposes of legitimate interests pursued by us as data controller.
Right to withdraw the consent you have given us in any case of processing based on consent
You can stop receiving messages for direct marketing purposes from the Company in the following ways:
- By informing the Data Protection Officer (DPO) that you are withdrawing the consent you have given for communication for the purposes of promoting products or services at the contact details below
- By selecting the “unsubscribe” option at the end of the email, or
- by selecting STOP SMS, or
- depending on the case, by disabling the cookie settings on your computer.
When you opt out of receiving marketing messages, we will no longer send such material.
To exercise your above rights or to withdraw your consent or to express any concern, you can contact the Company’s Data Protection Officer (DPO).
Please note that in the event of your withdrawal of consent, the lawfulness of the processing based on consent prior to its withdrawal is not affected.
We would gladly assist you with any concerns or queries you may have in relation to the privacy policy, for example, the use of your personal data, your access to the data we collect about you, the processing based on your consent and your right to withdraw that consent.
Right to lodge a complaint with the Commissioner for Personal Data Protection
If you are not satisfied with the response of our DPO about your concerns, you have the right to make a complaint to the Office of the Commissioner for Personal Data Protection here.
6. Our policy for the protection of the personal data of children
The protection of the children’s personal data is very important to us, especially in an online environment.
Our website, products and services are neither intentionally designed nor directed at minors under the age of 14.
In the case of processing personal data based on consent, we never process personal data relating to children under the age of 14, unless we have first obtained consent from the child’s parents or legal guardian, or unless this is permitted by law.
We do not provide Information Society services to children, nor do we display interest-based advertising.
If we become aware that we have processed personal data of a person under the age of 14 and to the extent that the data has not been provided with the consent of the minor’s parents or legal guardian, we will immediately take all necessary steps to delete such information. This may require us to delete the account of the child in question from the Company’s website’s electronic platform.
If you become aware that a minor under the age of 14 has provided us with identifiable personal information, please contact the Data Protection Officer (DPO) immediately.
7. Who do we share your personal data with?
There are occasions when we need to share your personal data with a third-party processor. We will only provide the information they need to perform their specific services.
Cablenet ensures that any third parties performing processing on its behalf meet the requirements and provide sufficient assurances for the implementation of appropriate technical and organizational measures, so that the processing of your personal is in accordance the applicable law. Our partners are bound by contracts they have concluded with our Company to follow the appropriate security policies and personal data protection procedures of Cablenet, or to implement equivalent measures, in order to ensure compliance with the provisions of the GDPR.
If we cease to use their services, all data concerning you and, in their possession, will either be completely and immediately deleted, or will be completely anonymized.
We list the recipients, or categories of recipients, of personal data:
- Companies operating in the Information Technology (IT) sector or cloud computing service providers (Cloud services, e.g. Oracle, Salesforce, Microsoft -Azure, Amazon – AWS), which provide operational support for the Company’s information and other business systems.
- Companies providing network quality and integrity assurance services.
- Information management companies related to service billing, e.g. roaming services and billing system support companies.
- Cyber security support companies.
- Business operational support service providers such as companies that provide us with file management services, printing of monthly bills that concern you, or providing courier services.
- Banks and other financial institutions.
- External legal advisors, auditors and business consultants who assist us in complying with our obligations under applicable law.
- Direct Marketing Companies and market research companies who help us manage our electronic communications and/or postal services with you and to tailor our products and services to meet your communication and entertainment needs and expectations while always applying the highest possible quality standards.
- Card payment processing companies, such as JCC Payment Systems Ltd, SIX Payment Services.
- Debt collection agencies who help us in recovering outstanding receivables.
- Competent authorities – such as the Cyprus Police, the Digital Security Authority, the Commissioner for Personal Data Protection, etc. – in the context of our compliance with our legal obligations.
8. How we may transfer your personal data outside the EU/EEA
In some cases, we may transfer your personal data to our partner companies outside the European Union and the European Economic Area (EU/EEA) by whom your data may be further processed. The transfer of personal data outside the EU/EEA is only made if it is deemed appropriate for the provision of our services to you.
We ensure that the transfer to our partners will be made in accordance with mechanisms that include appropriate protection guarantees for this purpose, such as:
- All our partners are bound by the contractual obligation to implement the requirements of the GDPR and other legislation of the Republic of Cyprus relating to the protection of personal data and electronic privacy.
- Some of our partners are located in third countries for which the European Commission has issued an adequacy decision on the protection of personal data.
- In some cases, we contract with our partners using specific agreements, approved by the European Commission, which ensure the same level of protection as that which applies to transfers between persons located within the EU or the EEA (Standard Contractual Clauses).
However, by way of derogation from the above, there may be certain special circumstances where:
- We may require your explicit consent for the proposed cross-border transfer of data to a third country, after having previously explained to you the relevant details and the potential risks due to the absence of an adequacy decision,
- the transfer of data is necessary for the conclusion or performance of the contractual relationship between us,
- the transfer of data is necessary for the purposes of legal proceedings or for obtaining legal advice.
We shall not proceed with any international data transfer unless we are satisfied that the level of protection afforded to the personal data is essentially equivalent to that guaranteed within the EU/EEA.
9. Information about the use of cookies
Our website uses “cookies”. The term “cookies” refers to a small data file that we place on your computer if you agree and if you give us your prior consent. Enabling essential “cookies” makes it easier for us to provide you with a good experience when browsing the Cablenet website.
We encourage you to be informed about our policy and your choices regarding cookies.
10. Changes to the Privacy Policy
The Policy is revised from time to time to adapt to changes in the legal framework that governs it. The most recent revision with version 5, was made on 11/08/2025.