Audio recordings — This Privacy Notice explains how CPT processes personal data collected during incoming and outgoing calls to and from its call center.
Last updated on August 28, 2024
This Privacy Notice sets out how CPT Cyprus Public Transport Services and Operations Limited, hereinafter referred to as “we”, the “Company”, “us” or “CPT”, processes the personal data of its customers, hereinafter referred to as “you”, the “Customer” or the “Data Subject”, collected during incoming and/or outgoing calls placed to and/or from its call center.
This Privacy Notice contains all the information that the Company, as a Data Controller, is required to provide to you in relation to the processing of your personal data, in accordance with the provisions of the EU General Data Protection Regulation 2016/679, hereinafter referred to as the “GDPR”.
The personal data that we collect from you during incoming and outgoing calls placed to and/or from our call center, at 1416, is the following:
The above are hereinafter referred to as your “Personal Data”.
Your Personal Data is processed in a legal, fair and transparent manner, based on the legitimate interests pursued by our Company, in accordance with Article 6(1)(f) of the GDPR.
The purposes for which we collect your Personal Data during incoming and outgoing calls placed to and/or from our Company’s call center are the following:
We do not collect or use any personal information other than that specifically mentioned above, without your explicit consent.
We do not use any form of automated processing of personal data or profiling during the processing of your Personal Data.
We process your Personal Data at our Head Offices in Nicosia, where it is also safely kept and stored with enhanced security measures.
For the storage and security of your Personal Data, the Company takes all necessary technical and organizational measures to ensure that processing is carried out in accordance with local laws and the GDPR. These measures may include controlled access, firewalls, antivirus protection, cryptography of data and similar safeguards.
Within our Company, your Personal Data is accessible only by strictly required personnel, who are bound by a duty of confidentiality and only for the purposes mentioned in section 2 above.
Outside our Company, recipients of your Personal Data may include subcontractors or third parties who cooperate with and/or provide services to the Company in the context of its business, such as information technology service providers, CRM software providers, legal representatives and call center service providers.
We choose our associates very carefully, after the necessary checks have been carried out and sufficient guarantees have been provided to implement appropriate technical and organizational measures. This ensures that processing meets the requirements of the GDPR and relevant laws, and protects your rights.
We may also need to:
If you would like more information about who we share data with and why, please contact us using the details in the “How to Contact Us” section below.
In accordance with our Company’s retention policy and in full compliance with the GDPR, your Personal Data will be kept only for as long as necessary to fulfil the purposes specified in section 2 or, in the case of consent, until you withdraw your consent.
Except in cases where we may need to keep your data to pursue our legal rights and interests, the retention period of your Personal Data will be no longer than 3 months from the date of the call. After this period, your Personal Data will be irreparably destroyed.
For further information in relation to the continued processing of specific data, or to request the destruction of data, please contact us using the details below.
We will not transfer your Personal Data outside the EU/EEA.
In case your data is transferred to entities or other third parties whose headquarters or place of data processing is not located in a member state of the European Union or the European Economic Area, we ensure, before forwarding the data, that an appropriate level of data protection exists, except in legally permitted exceptional cases.
This may be ensured, for example, through an adequacy decision of the European Commission, suitable guarantees, the agreement of EU standard contractual clauses between us and the recipient, or your sufficient consent.
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorized way. These measures include, but are not limited to, access control and internal audit.
We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
As a Data Subject, you can contact us at any time and exercise your rights. These include the right to:
In response to such requests, we reserve the right to require the individual making the request to provide certain details so that we can validate that the individual is indeed the person to whom the data relates.
We are required to respond to requests within 30 days and will endeavour to do so wherever possible. We reserve the right to charge a reasonable fee to cover any expenses that may arise from the request.
In cases where a data subject chooses not to provide any personal data, or where any of the rights set out above are exercised to limit the processing of personal data, we may be unable to provide relevant services, or there may be restrictions on the services that can be provided.
If you do not wish your call placed to and/or from our call center to be recorded, you have the right, after being informed, to terminate the call immediately. If you knowingly choose to continue the call but inform our employee that you do not wish your call to be recorded, our employee will have the right to terminate the call.
In some cases, under the GDPR, your right to erasure may be lifted to the extent that processing is necessary:
For further information on each of those rights, including the circumstances in which they apply, please contact us using the details below.
If you still feel that your personal data has not been handled appropriately according to the law, you can submit your complaint to the Office of the Commissioner for Personal Data Protection, at Kypranoros 15, 1061 Nicosia, Cyprus, telephone +357 22 818456, email address: commissioner@dataprotection.gov.cy .
You can contact us by post or email if you have any questions about this Privacy Notice or the information we hold about you, to exercise a right under data protection law, or to make a complaint.
CPT Cyprus Public Transport Services and Operations Limited
Postal address: Thali 4, 2200 Geri, Nicosia, Cyprus
Email:
dpo@publictransport.com.cy
This Privacy Notice was last updated on 28 August 2024.
We may change this Privacy Policy from time to time. When we do so, we will inform you via a notification on our website or by other means of contact, when this is considered necessary.