VLPG Plant Ltd (or ‘’VLPG’’) is committed to protecting your privacy and handling your personal data in a transparent and legal manner. This policy statement applies to personal information held by VLPG.
Specifically, this Privacy Policy:
provides an overview of what information VLPG collects, what the purpose of the processing is, what the lawful basis for the processing is, who we may share your information with, how long we keep your data for, how we secure your information, what your rights are with regard to personal data collected and processed by us.;
For the purposes of this Privacy Policy:
When we refer to “Data Subject” we mean a living, identified or identifiable individual about whom we hold Personal Data.
when we refer to “personal data” we mean data which identifies or may identify you and which may include, for example, your name, address, identity card number, telephone number, email address, bank account, date of birth, occupation, and family status;
when we refer to “sensitive data” we mean special categories of personal data which uniquely identify a person; GDPR considers as sensitive personal data revealing the following (1) race or ethnic origin; (2) political opinions; (3) religious and philosophical beliefs; (4) trade union membership; (5) sex life or sexual orientation; (6) physical or mental health or conditions; and (7) genetic data and biometric data for the purpose of uniquely defining a natural person;
when we refer to “processing” we mean the handling of your personal data by us, including collecting, protecting, and storing your personal data;
VLPG Plant Ltd is a joint venture company registered in the Republic of Cyprus under registration number HE36215, having its registered office at CITY House, Themistokli Dervi 17-1-, 1066, Nicosia, Cyprus.
This Privacy Policy relates to personal data collected and enforced by VLPG. If you have any questions about our Privacy Policy or wish to obtain more details in relation to the personal data we hold and process about you, please contact us in writing at VLPG Plant Ltd, Vassilikos Energy and Industrial Area Plot 35, Mari, Larnaca, 7736, Cyprus or via email at info@vlpg.com.cy
We obtain your personal data mainly through any information you provide directly to us or through information provided by third parties. Below is a list of ways in which we collect your personal data.
(a) Personal data collected from our direct interactions with you:
- when you become or contact us to become our customer;
- when you become or contact us to become our supplier or vendor;
- when you engage with or contact us through our social media accounts or websites;
- when you visit our premises;
- when you contact us for an enquiry, complaint or for any other reason (including submission of an employment application);
- when you become our employee;
- when you provide feedback or contact us;
- when you subscribe to marketing material / marketing lists.
(b) Personal data collected from other sources, including:
- from legal entities with whom we have a professional relationship, for example when you are an employee in a customer’s or partner’s or sub-contractor’s or agent’s company offering services or support to us;
(c) Personal data collected from publicly available sources, including:
- the internet;
- the Department of Registrar of Companies and Official Receiver; and
- the press and the media.
(d) Automated technologies or interactions.
As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies[, server logs] and other similar technologies. [We may also receive Technical Data about you if you visit other websites employing our cookies.] Please see our cookie policy [LINK] for further details
We generally collect and process data with regard to the following categories of data subjects:
- customers
- suppliers or vendors
- persons who get in touch with us
- employees
- career applicants
- associates, collaborators, professional advisors
The categories of personal data collected by us depends on the category of data subjects and purpose of processing. We may collect the following personal data from you: Contact Data – includes contact details such as your name, address, telephone number, e-mail address and fax number.
Identity Data – includes identification details such as your identification or passport number and driving licence details (e.g. when providing transportation services).
Financial Data - includes your bank account number and account details, your payment card details and other financial information.
Transaction Data – includes details about your transactions with us, your payments and other details of products and services you have purchased from us, our correspondence and communication with you.
Technical Data – includes internet protocol address, login data, browser type and version, time zone and location, browser plug ins, operating system and platforms, other technology on the devised you use.
Profile Data – includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Marketing and Communications data – includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Job details (e.g. role, grade, experience and performance information)
Details of any transactions you carry out with us.
Details of contracts you enter with us.
Closed Circuit Television (CCTV) recordings from your physical visits at our premises.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity
Purpose of processing
The collection of Personal Data by us shall be restricted to the collection of personal data necessary or deemed necessary for the purpose of processing.
Legal basis for processing data
The legal basis for processing personal data varies depending on the purpose of processing. Personal data may be processed on one or more of the following legal grounds:
(i) for the performance of our Throughput agreement or client instruction or other agreement with you; (ii) to comply with our legal obligations (e.g. for compliance with regulations of the customs department, port authorities, airport authorities, other governmental regulatory bodies, or other reporting obligations (e.g. regulatory compliance credit checks from credit institutions or other authorities are carried out in the context of combating money laundering and fraud)); (iii) to comply with court orders and exercises and/or defend our legal rights; (iv) for legitimate interests pursued by us in providing services and running an effective business; (v) on the basis of your consent where you have expressly provided such to us; (vi)where we process special categories of Personal Data, we rely on the collection of such data being authorised by European Union or Cyprus law, on a relevant public interest condition, or on express consent.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us
We may share your personal data with third parties as listed below. When we do so, appropriate contractual and security measures shall be applied to safeguard the protection of your data and to maintain compliance with out data protection policy, confidentiality and security standards. We will not share any of your personal data for any purpose other than the purposes described in this Privacy Policy, nor will we sell your personal data to anyone.
- Auditors and accountants;
- External legal consultants;
- File storage companies, archiving and/or records management companies, and cloud storage companies;
- Financial and business advisors;
- Governmental and regulatory bodies, including customs department, port authorities and airport authorities in order to enable us to comply with its legal and regulatory requirements and law enforcement authorities in connection with enquiries, proceedings, or investigations by such parties;
- Insurers
- Card payment processing companies;
- Debt-recovery agents;
- Persons and organisations providing functionality services;
- Employee personal data may be transmitted to clients and potential clients.
Although we do not share any of your personal data with recipients located in third countries (i.e. countries outside the European Economic Area (EEA)), in case we ever do, we will require recipients in third countries to comply with European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR.
We use a range of administrative, technical, and technological measures to keep your information safe and secure both physically and electronically. We require our staff and any third parties who carry out any work on our behalf or at our premises or servers to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
The retention period may differ depending on the purpose of processing.
Unless a longer retention period is required by applicable laws, we will retain your data for a period expiring on the 7th anniversary of the expiration/termination of our relationship with you.
Personal Data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights. Personal Data may also be held for longer periods where clients expressly require us to retain / store their records for extended periods of time
Your rights in relation to the personal information we hold about you, are detailed below. Some of these only apply in certain circumstances as set out below. Information on how such rights may be exercised is also included in the table below. Prior to responding to any of your requests please be advised that we may require you to verify your identity. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances).
Receive access to your personal data. This enables you to receive a copy of the personal data we hold about you and to be informed on how we are lawfully processing it. We may not provide you with certain personal information if providing it would interfere with another Data Subject’s rights (e.g. where providing the personal information we hold about you would reveal information about another person) or where another exemption applies.
Request correction (rectification) of the personal data we hold about you. This enables you to have any incomplete, inaccurate, or out of date information we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to erase or remove your personal data where there is no good reason for us continuing to process it. However, we may continue to retain your information if we are entitled or required to retain it under applicable law or if there is legitimate interest (e.g. there is a claim against you or Petrolina Group).
Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. In such a case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interest, rights, and freedoms.
Request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data if:
- it is not accurate;
- it has been used unlawfully but you do not want us to delete it;
- it is not relevant anymore, but you want us to keep it for use in possible legal claims concerning you;
- you have already asked us to stop using your personal data, but you are waiting for us to confirm if we have legitimate grounds to use your data.
Exercise of Your Rights: To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us using the contact details set out in Section 1 of this Privacy Policy. We aim to respond to your request as quickly as possible.
In certain cases, we may deny your request. If it is legally permitted, we will let you know in due course why we denied it.
If you have exercised any or all of your data protection rights, or otherwise still feel that your concerns about the use of your personal data have not been adequately addressed by us, you have the right to complain by contacting us using the contact details set out in Section 1 of this Privacy Policy.
You also have the right to complain to the Office of the Commissioner for Personal Data Protection. You can visit their website at https://www.dataprotection.gov.cy.
We may amend and update this Privacy Policy from time to time without prior notice.
We will post the changes on this Privacy Policy on our website and update the revision date. Your use of the website, or continued participation in accordance with the purpose for which your data is being processed, following these changes means that you accept the revised Privacy Notice. We do however encourage you to review this statement periodically as to be always informed about how we are processing and protecting your personal information.