Privacy Policy

Having a customer-oriented philosophy, Ollanet Ltd (hereinafter referred to as “the Company” or “We”) we seek maximum satisfaction of your requirements by offering high-quality telecommunications services at the highest speeds and lowest prices. In this context, we process your personal data to connect your calls, store your emails, connect you to the internet through our high-speed broadband services. It is our responsibility first of all and of course, our legal obligation to protect your personal data throughout the lifecycle of these data from collection to disposal or transferring the data back to you. We are committed to keep your personal data secure and respect your privacy as we base our relationship with you on mutual trust. It is our intention to keep an open channel of communication with you through this Privacy policy, which we will keep updated as and when necessary to keep it relevant and compliant with the governing legal framework – the General Data Protection Regulation (EU) 2016/679 in this case. This privacy policy explains in detail how we use your personal data. It describes what sort of data we collect, what we do (or what we may do) from the moment you ask for a service from us, when we may use your information, who do we share your data with and how we protect your data. It applies to the products and services we provide to you (such as your broadband connection, mobile, Wi-Fi, TV and fixed telephony), our support services and our websites. It applies to our subscribers and sole traders but doesn’t apply to our employees and to the information we hold about companies or organizations. It applies even if you’re not one of our customers and you interact with us, such as by: • taking part in a survey or trial; • entering a prize promotion; • calling our helpdesk; or • generally enquiring about our services.
We take our responsibilities under the General Data Protection Regulation (EU) 2016/679 very seriously and as such we are committed to : • Process personal data openly, fairly and in accordance with applicable laws • Inform (either directly or in our policies) about how we will use your personal data • Only collect personal data from when we need it for legitimate purposes or legal reasons • Ensure that all personal data are adequate, relevant and not excessive for the purpose for which we collect them • Avoid keeping personal data for longer than we need to • Keep personal data secure, and limit the people who can access it • Ensure that you know how to access your personal data and exercise your rights in relation to it, including being able to keep it accurate and up-to-date; and • Ensure that any third parties we share personal data by taking appropriate steps to protect it.
There are various instances that we collect your personal data. In some instances, you provide your data to us when you subscribe with us and in some other instances, this is performed automatically through other interactions with us. Below is a list of possible ways we collect your data. • When you create an account with us. • When you use any of our networks – mobile, wifi or the Company products and services • When you request to activate a direct debit or credit order and a reference in disputes and legal cases • When you want to check network coverage of your residence or office • When you request maintenance or technical support • When you engage with us on social media. • When you are using your online account (e.g. the, etc) • When you contact us by any means with queries, complaints, etc. • When you ask one of our members or staff to email you information about a product or service. • When you enter prize draws or competitions. • When you choose to complete any surveys we send you. • When you comment on or review our products and services. • When you fill in any forms. For example, if an accident happens in one of our shops, a member of our staff may collect your personal data and a member of our management may contact you as part of the investigation • When you’ve given the third-party permission to share with us the information they hold about you. • When you visit our shops which usually have CCTV systems operated for the security of both customers and Partners. These systems may record your image during your visit.
General Data Protection Regulation (EU) 2016/679 sets out a number of different reasons for which the Company may collect and process your personal data, including: Consent In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary for connection with a particular service. Contractual obligations In most circumstances, we need your personal data to comply with our contractual obligations i.e. to provide to you our services at the quality level we are committed to our customers. For example, if you have made a technical inquiry, we are contractually obliged to inform you of repair of any damage or other matters related to our services and we’ll process your name and address details to do that. Legal compliance If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to the Police Legitimate interest In specific situations, we require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your viewing history to send you or make available personalized suggestions. We’ll use your personal data if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business. We use your information to: • Identify, and let you know about, new products and services that interest you; • create aggregated and anonymized information for research, statistical analysis, reporting and performance measurement of our operations; • detect and prevent fraud; and • secure and protect our network, shops, building, and our Company assets
To provide you our services based on terms and conditions We’ll use your personal data to provide you with products and services. This applies when you subscribe to a service from us. We use the following to provide products and services and manage your account. • Your contact details and other information to confirm your identity and your communications with us. This includes your name, home phone, mobile phone, home address, ID or passport number, email address, passwords and credentials (such as the security questions and answers we have on your account). • Your payment and financial information. • Your communications with us, including emails, and phone calls. We’ll also keep records of any settings or communication preferences you choose. • Information from cookies placed on your connected devices that we need so we can provide a service. • We use this information to carry out our contract (or to prepare a contract) and provide products or services to you. If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the product or service you ordered from us. • If you don’t pay your outstanding amounts, we might ask a debt-recovery agency to collect what you owe to us. We’ll give them information about you (such as your contact details) and your account (the amount of the debt). Customer Support We use data (name, contact details, your address and any other qualitative information) to respond to customer inquiries, diagnose problems, rectify technical issues and provide other customer care and support services. This processing is necessary for the performance of the agreement we have with you, as well as to serve our legitimate interests. We record your calls every time you contact our call center in order to train our staff to provide you with the best service. We will always give you the choice to opt-in for recording your call and we will not keep records of your call if you choose not to. Secure our people, operations, network and services We’ll use your personal data to help prevent and detect crime and fraud. We’ll also use it to prevent and detect criminal attacks on our network or against your equipment. We monitor traffic over our network, trace nuisance or malicious calls, and track malware and cyber-attacks. To do that we use the following information, but only where strictly necessary: MAC-address and IP-address Business Operations Communication, Sales, and Marketing We use the data we collect to deliver and personalize our communications with you. For example, we may contact you by email or other means of electronic communication (including SMS) to inform you about new the Company Products or Services, update you on a support issue, invite you to take part in a survey. We also use cookies and similar technologies to provide the most relevant advertising to you. Read ‘Your Rights and Choices’ section for information about managing email subscriptions and promotional communications. To display the most interesting TV content to you, we’ll use your viewing history and duration. We do so on the basis of maximizing your viewing experience and entertainment. We use the information for research and to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business. Law enforcement If we are asked by law enforcement agencies such as Police, we may provide personal data to help detect and stop crime, prosecute offenders and protect national security. Any information requested will be accompanied by a Court order detailing exactly what information is being requested and for what reason. Generally, court orders ask for the following details. Your contact details including but not limited to your name, phone number, email address, physical address of installation, billing address, and under special circumstances your passwords and credentials (such as your security questions and answers) needed to confirm your identity and your communications with us. Your payment and financial information. Details of the products and services you’ve bought and how you use them – including your call, browser (including IP address) and TV records.
Under the General Data Protection Regulation (EU) 2016/679 you have rights over the following rights in terms of your personal data we hold about you: Receive access to your personal data. This enables you to receive a copy of the personal data we hold about you. In order to receive such a copy, you must request this in writing which can be done electronically at or by sending such requests in writing to: Ollanet Ltd Data Protection Officer 58-60b, Agias Zonis, Lemesos, 3090, Cyprus Right to rectification We rely on you to ensure that your personal data is complete, accurate and up to date. Please do inform us promptly of any changes to or inaccuracies in your personal data by contacting us as above. Right to Erasure You may ask that we erase your information in certain circumstances (the right to erasure). In some cases, other laws or regulations require us to keep some or all of your personal data on record for a specified period. An example would be the requirement by Cyprus Police Service to retain your data for up to six months. Right to the restriction of processing your personal data The right to request that we restrict the processing of your information in certain circumstances. Again, there may be circumstances where you ask us to restrict the processing of your information, but we are legally required to refuse that request. In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we have a legitimate overriding reason to continue processing your personal data. Right to data portability Request to receive a copy of the personal data concerning you, in a format that is structured and commonly used, and transmit such data to a third party where this is technically feasible. Please note that this right only applies to the information which you have provided to us. Right to Consent Your Data remains yours at all times, and you have the right to withdraw the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you. You have the right to make a complaint with the Data Protection Commissioner if you think that any of your rights have been infringed by us. To exercise any of your rights, or if you have any other questions about our use of your personal data, you can send us your request and our Data Protection Officer will be happy to deal with your request without delay, and within one month, however, we will need to verify your identity first. You can opt-out of receiving direct marketing communications from us by following the instructions included in every email sent to you via the “Unsubscribe” tab. We respect your choice, and we will stop sending you promotional emails once you unsubscribe. Please note, regardless of your communication settings, we will continue to communicate with you regarding changes to terms and conditions, policy updates, routine customer service messages such as information about service interruptions, data breaches or other significant information about services you are subscribed to. You can adjust the amount of interest-based advertising you may receive by changing your cookie settings, changing your device settings, and/or opting out of certain advertising networks. Our Online Privacy Policy for Children It is our policy to never knowingly collect personal data from anyone under the age of 16 unless we first obtain permission from the child's parent or legal guardian.
We ensure that appropriate security measures are taken against unlawful or unauthorized processing of personal data and against the accidental loss of, or damage to, your personal data. Once we are in possession of your personal data we delicately take care of it and we use an array of technical and organizational measures to safeguard the Confidentiality Integrity and Availability of your data, based on a balance of the state of the art and the risks for your rights and freedoms. Our staff adhere to our working practices and have due regard for the security and proper management of your personal data. Our Information Security Policy as part of our Information Security Management System complements this Privacy Policy.
There are occasions when we need to share your personal data with a third party data processor. Our policy is that we will only transfer your personal data to a third party processor who complies with the Company’s security and data protection procedures and policies or if they put in place equivalent measures themselves, which we deem to be acceptable and are at minimum in compliance with the General Data Protection Regulation (EU) 2016/679. Furthermore, we will provide only the information they need to perform their specific services, they may only use your data for the exact purposes we specify in our contract with them and if we stop using their services, any of your data held by them will either be disposed or anonymized. Examples of the kind of third parties we work with are: • IT companies or cloud storage companies that support our Information Technology and other business systems. • Operational companies such as archiving or records management companies, printers of your monthly bills, delivery couriers. • Banks and other financial institutions. • External legal consultants, financial Auditors, and business advisors to help us with statutory and other compliance obligations. • Direct marketing companies and market research companies who help us manage our electronic or postal communications with you and shape our products and services to serve your communication and entertainment needs and expectations to the highest standards. • Card payment processing companies, such as JCC Payment Systems Ltd, • Debt collection agencies who assist us in recovering outstanding amounts For fraud management, we may share information about fraudulent or potentially fraudulent activity on our premises or systems. We may also be required to disclose your personal data to the police or other enforcement, regulatory or public authorities like income tax authorities upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
We might send your personal data to other companies based outside the EEA. For example, like many companies, we may use cloud services from suppliers outside the EEA. However, your Personal data will not be transferred to a country outside the EEA unless that country has adequate measures in place to ensure that your rights and freedoms are protected when your personal data is processed (stored for example). Where we transfer your information to companies outside the EEA, we will make sure that mechanisms for adequate safeguards are provided by the processor residing in countries outside EEA. Examples of such mechanisms could include: • The country is approved by the European Union for adequacy on data protection • The recipient the Company might have signed up a contract or use adequate terms and conditions obliging them to protect your information. • The recipient is located in the US and is a certified member of the EU-US Privacy Shield scheme. There are likely some other instances in which this principle does not apply, which include cases where we might require your consent for the transfer and we will explain to you clearly in advance all the details; Examples of such instances are: • the transfer is necessary for the performance of a contract between us; • the transfer is necessary for the purposes of legal proceedings or obtaining legal advice; • the transfer is to a country which the European Commission has found to offer an adequate level of protection; • or adequate safeguards are put in place using EU Model Contract Clauses (security addendum). In all cases, however, we will ensure that any transfer of your information is always compliant with the General Data Protection Regulation (EU) 2016/679.
We follow an internal records retention policy based on legal, business and security criteria. We will store personal data for the periods needed for the purposes for which the personal data were collected or in cases there will be requirements to be further processed. There are also occasions a law requiring us to keep it longer. Otherwise, we delete it. We will keep: • a copy of your bills for 7 years from the date of the bill; • your contact details while you have a service subscription with us and for 7 years after your business relationship is terminated with us. • details relating to any dispute for 2 years after it was closed.
We consider your privacy and the safeguard of your personal data by default and by design. This means that we implement those technical and organizational measures that only your personal data that are necessary for the purposes explained in this privacy policy will be processed. We restrict and keep your data accessible only to those the Company people or third parties that require to access your data to deliver our service at optimum levels. We will not retain personal data that we will not need to fulfill a lawful purpose or we are required to keep for legal obligation. We continuously balance the risks for your rights and freedoms posed by any processing through our established risk management framework and control environment.
Online-Payments, when available It is safe to make payments with us online as it is the Company ‘s policy to protect our Customers’ privacy. This is achieved by making all Customers’ online transactions through JCC. When you send your payment details, they are encrypted, (changed to unreadable code), on their journey between your computer or mobile device and the Company. This reduces the risk of interception between these two points. When your payment details arrive they are held securely at our end. Access to your information is carefully monitored and restricted. the Company will only use your card details for the payment concerned. We will not disclose card details to any third parties other than the bank, which processes them for payment. Once your payment has been authorized, we will provide notification of this confirmation via email or letters. Cookies We use “cookies” to monitor site user traffic patterns and site usage. This helps us to understand how our customers and potential customers use our website so that we can develop and improve the design layout and functionality of the sites.
What is PERSONAL DATA? any information relating to an identified or identifiable to a living individual - natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; What is GDPR? GDPR stands for the General Data Protection Regulation (Regulation (EU) 2016/679). The new European Union Regulation is set to replace the current Data Protection Directive (95/46/EC) as well as the Cyprus Data Protection Law of 2001 The GDPR requires greater openness and transparency from companies on how they collect, store and use personal data and enhances the rights of individuals over their personal data What are SPECIAL CATEGORIES data? Information about a person’s: • Racial or ethnic origin; • Political opinions; • Religious or similar beliefs; • Trade union membership; • Physical or mental health or condition; • Sexual life; or information about • The commission of, or proceedings for, any offense committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in any such proceedings. Special categories data can only be processed under strict conditions and will usually require the explicit consent of the person concerned. What is the processing of personal data? Any activity which involves the data. It includes obtaining, recording or holding the data or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties. Who is a DATA SUBJECT? The individual the data relates to and for the purpose of this policy, data subjects include all living individuals about whom we hold personal data. A data subject need not be a Cypriot national or resident. All data subjects have legal rights in relation to their personal data. DATA CONTROLLER the Company is a data controller because under GDPR determines the purposes and methods of processing of personal data and DATA PROCESSOR Any individual or organization which processes personal data on behalf of a data controller. Employees of a Data Controller are not considered to be data processors; however, the definition is likely to include suppliers or service providers which handle personal data on the controller’s behalf. DATA PROTECTION OFFICER (DPO) This is the new responsibility for organizations introduced by article 37 of GDPR. DPO’s assist in the monitoring of internal compliance, inform and advise on data protection obligations, provide advice regarding data protection risks and acts as a contact point for data subjects and the supervisory authority. DATA USER Includes employees and other staff members whose work involves using personal data. Data users have a duty to protect the information they handle by following our data protection and security policies at all times. PRIVACY NOTICE A statement provided to data subjects when or before their personal data is collected which explains, what their information will be used for, to whom it may be disclosed for these purposes (particularly any external third parties) and any other information they may need to know in order to ensure that the processing is fair. COMMISSIONER FOR PROTECTION OF DATA An independent regulator who reports directly to Parliament. The Commissioner for Protection of data is responsible for regulating and enforcing the GDPR in Cyprus and provides advice and guidance about compliance to organizations and members of the public. Anonymized data Data that has had all personally identifiable information removed. Anonymized data are not covered by the GDPR Aggregated data Grouped information, which does not identify customers and they do not contain personal data. They are used for statistical analysis, reporting and research. For example, the total number of calls made in a month or the total number of minutes called. What are Cookies? A cookie is a piece of information, that's stored on your computer, tablet or phone when you visit a website. It can help identify your device whenever you visit that website. Cookies are a convenient way to carry information from one session on a website to another, or between sessions on related websites, without having to burden a server machine with massive amounts of data storage.