Icon Pomotions Logo
Promotional Items & Below The Line Marketing Services
Georgiou Economide 1, Office 101 3016 Limassol, Cyprus Tel: (+357) 25 577 800 Fax: (+357) 25 577 801
info@icon-cy.com
Follow Us

Privacy Policy

Protecting the security and privacy of your personal data is important to Icon Promotions ltd. The company conforms its activities to currently applicable regulations on privacy and data protection. We hope that the information appearing below will assist you in understanding what type of data Icon Promotions tends to gather, how they are used and safeguarded, and to whom they are disclosed.

Please read this Privacy Policy carefully and ensure that you understand it. When you use our web site your accept our Privacy Policy . If you do not accept and agree with our Privacy Policy, you must stop using our Site immediately.

    1. Purpose, legal basis of the processing for which the data are intended
      The processing of personal data supplied by you is aimed solely at performing contractual obligations and fulfilling specific requests, as well as fulfilling regulatory obligations, in particular contractual, accounting, and tax obligations.
      For the purpose of the indicated processing, the holder will not be aware of data defined as “sensitive”in accordance with the EU Regulation 2016/679, such as those suitable to reveal the racial or ethnic origin, religious beliefs, philosophical or other kinds, political opinions, membership of parties, trade unions, associations of religious, philosophical, political or trade union organizations, health status and sexual life.
    2. Source of personal data origin
      Personal data come from:

      1. Copies of identity, tax, and accounting documents needed for customer identification;
      2. Copies of identity, tax, and accounting documents needed for the identification of suppliers;
      3. Copies of Certificate of Incorporation or Business Entity Certificate or similar);
      4. Copies of constitutive and amending company deeds;
      5. Transportation documents;
      6. Attestations of health and / or disability in general, attestations of suitability for the task;
      7. Payment models for taxes, fees and contributions; Insurance policies for civil liability relating to vehicle traffic, business risks, personal risks;
      8. Any other documentation or accounting, tax or extra-accounting information that is useful and / or necessary for the accomplishment of the Company’s activities.
      9. Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.
    3. Methods of processing
      In relation to the indicated purposes, your data are processed both electronically and on paper. The processing operations are carried out in such a way as to guarantee the logical, physical security, and confidentiality of your personal data.
      Data processing is carried out by the subjects and in the following ways:

      1. By the owners and / or processors,
      2. By means of the operations or set of operations indicated such as: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and distribution of data.
      3. By using procedures – also computerized – in the ways and within the limits necessary to pursue the aforementioned purposes.
    4. Legitimate interests pursued by the data controller or third parties
      Icon promotions Ltd, processes personal data, for the conduct of its business. This report has been prepared, in compliance with EU Regulation 2016/679, to define and describe the security policies adopted by the Company regarding the processing of personal data and the organizational criteria followed for their implementation and to provide suitable information on this matter also to third parties.The information provided below is considered useful support to provide information suitable for assessing the security policy pursued by the Company.
    5. Nature of personal data
      Subjects processed are your personal, judicial, and administrative data – concerning the performance of the service requested by you.
      During the provision of the service, it may be necessary to acquire and carry out processing operations of your personal, judicial, and administrative data.
      The data processed will be of a purely ordinary nature; they areaimed at maintaining the commercial relationship stipulated previously by contract.
    6. Aim of communication and dissemination of data
      Your data may be communicated to:

      • all the subjects to whom the right of access to such data is recognized by virtue of regulatory provisions;
      • to our collaborators, employees, as part of their duties;
      • to all those natural and / or legal persons, public and / or private, when the communication is necessary or functional for carrying out our activity and in the manner and for the purposes described above.
    7. Transfer of personal data to another country
      The processing of your personal data underlines the possibility of transferring these data to countries outside the EU or to international organizations.
    8. Mode and duration of personal data retention
      The invoices, the documents relating to collections and payments, and the different documents related to the activity are kept by the Company for the time necessary to fulfill the legal obligations. For non-active clients their data are deleted after 10 years from the date they stop any business relation with our company, including the request for quotations.
    9. Extreme identification of the owner, manager, and Privacy Officer
      The data controllers (DPI) are Mr Photis Constantinou and Maria Constantinou with registered office, Georgiou Economide 1, Office 101, 3016 Limassol, Cyprus.
      The employees and collaborators of the company in the performance of their duties are also appointed as data processors. Given the organizational size, the Data Privacy Officer (DPO) is not provided.
    10. Rights of the interested party
      10.1 Article 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679
      The interested party has the right to obtain from the data controller confirmation that it is or is not undergoing the processing of personal data concerning them and – in this case – to obtain access to personal data and the following information:

      1. the purposes of the processing;
      2. the categories of personal data in question;
      3. the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
      4. the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
      5. the existence of the right of the interested party to request the data controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
      6. the right to lodge a complaint with a supervisory authority;
      7. the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.

      10.2 Right pursuant to art. 17 of EU Reg. 2016/679 – right to cancellation (“right to be forgotten”)
      The data subject has the right to obtain from the data controller the deletion of personal data concerning them without undue delay and the data controller is obliged to cancel the personal data without undue delay if one of the following reasons exists:

      1. personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
      2. the data subject revokes the consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a) and whether there is no other legal basis for the processing;
      3. (c) the data subject opposes the processing pursuant to Article 21 (1) and there is no legitimate overriding reason to proceed with the processing, or opposes the processing pursuant to Article 21 (2);
      4. personal data have been processed unlawfully;
      5. personal data must be deleted to fulfill a legal obligation under Union or Member State law to which the controller is subject;
      6. personal data have been collected in relation to the information society service offer referred to in Article 8, paragraph 1 of EU Reg. 2016/679

      10.3 Right referred to in art. 18 Right of limitation of treatment
      The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:

      1. the interested party disputes the accuracy of personal data for the period necessary for the data controller to verify the accuracy of such personal data;
      2. the processing is illegal, and the interested party opposes the cancellation of personal data and asks instead that its use is limited;
      3. although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to verify, exercise or defend a right in court;
      4. the interested party has opposed the treatment pursuant to article 21, paragraph 1, Reg EU 2016/679 pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

      10.4 Right referred to in Article 20 Right to data portability
      The data subject has the right to receive, in a structured, commonly used and automatically readable form, the personal data concerning them provided to a data controller and has the right to transmit data to another data controller without impediments from part of the data controllers.

    11. Revocation of consent to treatment
      You have the right to withdraw your consent to the processing of your personal data by sending a registered letter to the following address: P.O.Box 55549,3780 Limassol, Cyprus or via PEC to the address photis@icon-cy.com accompanied by a photocopy of your ID, with the following text: <<revocation of consent to the processing of all my personal data>>. At the end of this operation, your personal data will be removed from the archives within 60 days, except for data whose conservation is mandatory under current legislation in civil, tax, and administrative matters.
      If you would like more information on the processing of your personal data, or exercise the rights referred to in paragraph 10 above, you can send a registered letter to the following address: P.O.Box 55549,3780 Limassol, Cyprus or via PEC to the address photis@icon-cy.com. Before we can provide you, or change any information, you may need to verify your identity and answer some questions. An answer will be provided within 10 days.
    12. Changes to Our Privacy Policy
      We may change from time to time our privacy policy as we believe is necessary, or as may be required by law. Any changes will be posted on our web site and we will consider that you have accepted them on your first use of our web site after the changes. We recommend that you check this page regularly to keep your self-updated.